Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
Analysis ID: 1376083
MD5: 2f2acbfb946b202fe77660b2a735a197
SHA1: fd4738c226bf7672880144aad0135576ad3c1fa4
SHA256: 2eb564562fc5d4d4ab4efca29e542ba64da9b04a58b7c6a39ace4e53ad12273a
Tags: exe, RiseProStealer

Detection

Amadey, RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
Yara detected RisePro Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Contains functionality to check for running processes (XOR)
Contains functionality to inject threads in other processes
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Found API chain indicative of sandbox detection
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has nameless sections
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe (PID: 6156 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe MD5: 2F2ACBFB946B202FE77660B2A735A197)
    • schtasks.exe (PID: 5972 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 4536 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ItBcnKyTYzzcux4XTo2S.exe (PID: 9260 cmdline: "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe" MD5: 1E69A8A85C711D2D84F4097B06E4A6CE)
      • explorhe.exe (PID: 11432 cmdline: "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" MD5: 1E69A8A85C711D2D84F4097B06E4A6CE)
        • schtasks.exe (PID: 13624 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)
          • conhost.exe (PID: 14224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • rundll32.exe (PID: 12772 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)
    • wSEyOaXu6NUnyNwmSKqM.exe (PID: 9380 cmdline: "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe" MD5: D70733214C957E72E8C5A305B0BBC7D7)
      • chrome.exe (PID: 9440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 10124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1992,i,6310753407935598149,17859461482613628573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 9540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 10076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2204,i,15729364803454474630,3851250065344724833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 9624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://instagram.com/accounts/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2004,i,7283726857084362712,15119685456646774483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 9916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.paypal.com/signin MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 10812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,14378781951259307047,4188744618890532289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 10340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://store.steampowered.com/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 9248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,4670160639782249315,11229613294517820312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 10948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://steamcommunity.com/openid/loginform MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 11424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,12875510592016247848,9610536198439608052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 10220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.epicgames.com/id/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 11696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1956,i,1362200134941538796,11659752482438541742,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 11596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 12124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,3788731305370777980,9416224067675073750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 11880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 9760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=920 --field-trial-handle=1592,i,7283115601660478920,12046409174522057752,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 12180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 12480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1952,i,4953983639272391216,16835619525233672643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 12464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 13044 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2064,i,1050194441771241166,153372168645923794,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • chrome.exe (PID: 12704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • firefox.exe (PID: 12868 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • MPGPH131.exe (PID: 1772 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 2F2ACBFB946B202FE77660B2A735A197)
    • RN_rIK_rAnb45b13yJFN.exe (PID: 13988 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe" MD5: 1E69A8A85C711D2D84F4097B06E4A6CE)
    • 8HpbF7lR86IQN_gPKFmq.exe (PID: 15048 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe" MD5: D70733214C957E72E8C5A305B0BBC7D7)
      • chrome.exe (PID: 15296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • MPGPH131.exe (PID: 1100 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 2F2ACBFB946B202FE77660B2A735A197)
    • RN_rIK_rAnb45b13yJFN.exe (PID: 13952 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe" MD5: 1E69A8A85C711D2D84F4097B06E4A6CE)
    • 8HpbF7lR86IQN_gPKFmq.exe (PID: 14992 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe" MD5: D70733214C957E72E8C5A305B0BBC7D7)
      • chrome.exe (PID: 15164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 10772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1048,i,16917586532604722924,17238789171836043011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 10252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • RageMP131.exe (PID: 9336 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 2F2ACBFB946B202FE77660B2A735A197)
  • RageMP131.exe (PID: 12192 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 2F2ACBFB946B202FE77660B2A735A197)
  • msedge.exe (PID: 13112 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 12804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10460 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10736 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6384 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 14788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7644 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 14820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7804 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • firefox.exe (PID: 13124 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 13220 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 13796 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2128 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a84251-27d1-44ed-a5f3-48c6835a106c} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e5cf6d910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 14148 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 1 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 21867 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4fb3dc-afa8-4648-aedc-bd5d4900ff67} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e6da77850 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9452 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4052 -prefsLen 22057 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f600edd2-3f25-4a9e-99ee-ad9bdbba397b} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e69f3abd0 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9364 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 3124 -prefsLen 30974 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc6bea7-b0de-41ac-af27-3401bf89a237} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e76be9150 tab MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 13212 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -parentBuildID 20230927232528 -prefsHandle 2960 -prefMapHandle 4700 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {585c9d85-6524-4a3c-b0bb-5d4e5dd3101a} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e7535c410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • explorhe.exe (PID: 7044 cmdline: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe MD5: 1E69A8A85C711D2D84F4097B06E4A6CE)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["185.215.113.68/theme/index.php"]}
Source | Rule | Description | Author | Strings
SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\fEMM7MXc0YqyJawkJDze71X6lYIiC_Ic.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
00000007.00000002.3333189112.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
00000006.00000002.2666359935.000000000143F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
0000002F.00000002.2667619172.0000000000CF1000.00000040.00000001.01000000.00000013.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000038.00000002.4863465442.000000006CA41000.00000020.00000001.01000000.00000015.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000008.00000002.2299329499.0000000000D11000.00000040.00000001.01000000.00000007.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
7.0.MPGPH131.exe.b80000.0.unpack | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
26.2.explorhe.exe.c0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
47.2.RN_rIK_rAnb45b13yJFN.exe.cf0000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
56.2.rundll32.exe.6ca40000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
56.2.rundll32.exe.6ca40000.0.unpack | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://185.215.113.68/theme/index.phpBh | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpCa | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.php%H | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.php9.f | Avira URL Cloud: Label: malware
Source: https://medfioytrkdkcodlskeej.net/V | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phps | Avira URL Cloud: Label: phishing
Source: http://185.215.113.68/theme/index.phptch | Avira URL Cloud: Label: malware
Source: http://194.33.191.102/autorun.exe | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.php2 | Avira URL Cloud: Label: phishing
Source: http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c49#01LMEM | Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/Plugins/cred64.dll | Avira URL Cloud: Label: malware
Source: http://185.172.128.19/latestrocki.exe | Avira URL Cloud: Label: malware
Source: 56.2.rundll32.exe.6ca40000.0.unpack | Malware Configuration Extractor: Amadey {"C2 url": ["185.215.113.68/theme/index.php"]}
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\autorun[1].exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\kkxxx[1].exe | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe | ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll | ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1000384001\autorun.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe | ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1000390001\kkxxx.exe | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe | ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll | ReversingLabs: Detection: 95%
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | ReversingLabs: Detection: 55%
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Virustotal: Detection: 67%
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Joe Sandbox ML: detected
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Joe Sandbox ML: detected
Source: 56.2.rundll32.exe.6ca40000.0.unpack | String decryptor: 185.215.113.68
Source: 56.2.rundll32.exe.6ca40000.0.unpack | String decryptor: /theme/index.php
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00BA6D10 RegQueryValueExA,CryptUnprotectData,CryptUnprotectData,LocalFree,6_2_00BA6D10
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: Environment.pdb source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00E42090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,0_2_00E42090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00E7CAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,0_2_00E7CAA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00F29505 FindClose,FindFirstFileExW,GetLastError,0_2_00F29505
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00E3DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,0_2_00E3DC90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00F48980 FindFirstFileExW,0_2_00F48980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00E7F3A0 FindFirstFileA,0_2_00E7F3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | Code function: 0_2_00F2958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,0_2_00F2958B
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00B92090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,6_2_00B92090
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00BCCAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,6_2_00BCCAA0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00C79505 FindClose,recv,FindFirstFileExW,GetLastError,6_2_00C79505
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00BA7A14 FindFirstFileA,FindNextFileA,GetLastError,FindClose,6_2_00BA7A14
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00B8DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,6_2_00B8DC90
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00C98980 FindFirstFileExW,6_2_00C98980
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00BCF3A0 FindFirstFileA,6_2_00BCF3A0
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00C7958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,6_2_00C7958B
Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe | File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe | File opened: C:\Users\user\AppData\Local\Temp
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\AppData
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\AppData\Local
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                  Source: firefox.exeMemory has grown: Private usage: 1MB later: 273MB

                                  Networking

                                  Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.215.113.68 80
                                  Source: Malware configuration extractorIPs: 185.215.113.68
                                  Source: Joe Sandbox ViewIP Address: 54.86.169.242 54.86.169.242
                                  Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                                  Source: Joe Sandbox ViewIP Address: 151.101.130.133 151.101.130.133
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E54B20 recv,WSAStartup,getaddrinfo,closesocket,socket,connect,closesocket,freeaddrinfo,WSACleanup,freeaddrinfo,0_2_00E54B20
                                  Source: firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2520257019.0000024E7A6B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2528521259.0000024E7A6B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
                                  Source: firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2520257019.0000024E7A633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2528521259.0000024E7A633000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ^ts://www.linkedin.com/loginM% equals www.linkedin.com (Linkedin)
                                  Source: firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2520257019.0000024E7A6B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2528521259.0000024E7A6B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/login equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/loginp equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login equals www.linkedin.com (Linkedin)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/login'~ equals www.linkedin.com (Linkedin)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkedin.com/loginm$ equals www.linkedin.com (Linkedin)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/, equals www.youtube.com (Youtube)
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.000002289739A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.000002289739A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C187000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.000002289739A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/D equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/\ equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comA equals www.youtube.com (Youtube)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ts://www.facebook.com/login equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2751073664.0000024E6EF9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.comI equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.facebook.comY equals www.facebook.com (Facebook)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com<nN` equals www.linkedin.com (Linkedin)
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001718000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                                  Source: firefox.exe, 00000029.00000003.2751073664.0000024E6EF9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
                                  Source: firefox.exe, 00000029.00000003.2569334633.0000024E6AC7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2568579133.0000024E6AC7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2645458793.0000024E6AC7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com/ equals www.youtube.com (Youtube)
                                  Source: firefox.exe, 00000029.00000003.2569334633.0000024E6AC7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2568579133.0000024E6AC7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2645458793.0000024E6AC7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com/Z equals www.youtube.com (Youtube)
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.151.245.75:10807/kkxxx.exe
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.151.245.75:10807/kkxxx.exe)a
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.151.245.75:10807/kkxxx.exe23.exe
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.151.245.75:10807/kkxxx.exeb6122417a
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exe
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exe04-3500
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exe204-3500
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000EDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exe61BFDDD
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exePS
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2243111332.0000000003500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exeam
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000EDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exejl7
                                  Source: MPGPH131.exe, 00000007.00000002.3340182809.0000000003BFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exenhC
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2243111332.0000000003500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exeole
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://109.107.182.3/cost/go.exexe
                                  Source: firefox.exe, 00000029.00000003.2464303277.0000024E7AB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3476212706.0000015516A67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.68/mX)Z5
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.19/latestrocki.exe
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.2
                                  Source: MPGPH131.exe, 00000007.00000002.3340182809.0000000003BE2000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/0f241fc96d3b5a4e6b1c66fdd454daa52aa4952001
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/0f241fc96d3b5a4e6b1c66fdd454daa52aa49e
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/0f241fc96d3b5a4e6b1c66fdd454daa52axe
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c4
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c49#01LMEM
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c49#49#
                                  Source: RageMP131.exe, 00000009.00000002.2346502706.0000000001318000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exe
                                  Source: MPGPH131.exe, 00000007.00000002.3340182809.0000000003BC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exeK
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.0000000000879000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exeR
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000EDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exeRl
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exeera
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/amer.exeg
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/liva.exe
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/zona.exehC
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/mine/zona.exetC
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000134D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/Plugins/clip64.dll
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000134D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/Plugins/cred64.dll
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000038.00000002.4858311476.000000000056A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php%H
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php&Cl
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php2
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php5H
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php7a
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php8Ha
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php9.f
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.php93001
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpAppDataBZC
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpBh
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpCa
                                  Source: rundll32.exe, 00000038.00000002.4858311476.000000000056A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpTK
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phplfon
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpoft
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phps
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phptch
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.68/theme/index.phpwk
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.22
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://194.33.191.102/autorun.exe
                                  Source: firefox.exe, 00000029.00000003.2598407909.0000024E7A527000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
                                  Source: firefox.exe, 00000029.00000003.2598407909.0000024E7A527000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
                                  Source: firefox.exe, 00000029.00000003.2598407909.0000024E7A527000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
                                  Source: firefox.exe, 00000029.00000003.2598407909.0000024E7A527000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
                                  Source: firefox.exe, 00000029.00000003.2534305328.0000024E76BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2594531574.0000024E7A556000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A556000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2600928653.0000024E76D7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
                                  Source: firefox.exe, 00000029.00000003.2536360646.0000024E70C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
                                  Source: firefox.exe, 00000029.00000003.2478890667.0000024E700D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
                                  Source: firefox.exe, 00000029.00000003.2361969173.0000024E6D86B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2362433845.0000024E6D883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2361362335.0000024E6D850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360391263.0000024E6D81C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2359993985.0000024E6D600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360916146.0000024E6D836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
                                  Source: firefox.exe, 00000029.00000003.2470526536.0000024E6E3AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2604034470.0000024E76BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
                                  Source: firefox.exe, 00000029.00000003.2660859890.0000024E7A593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
                                  Source: firefox.exe, 00000029.00000003.2594531574.0000024E7A5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2473126307.0000024E7A5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530011741.0000024E7A5D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2660859890.0000024E7A5D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
                                  Source: firefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                                  Source: firefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                                  Source: firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2601509772.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
                                  Source: firefox.exe, 00000029.00000003.2601509772.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
                                  Source: firefox.exe, 00000029.00000003.2601509772.0000024E76CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2416754567.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
                                  Source: firefox.exe, 00000032.00000002.5074391952.0000022899646000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2416754567.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
                                  Source: firefox.exe, 00000029.00000003.2361969173.0000024E6D86B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2362433845.0000024E6D883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2361362335.0000024E6D850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360391263.0000024E6D81C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2359993985.0000024E6D600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360916146.0000024E6D836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                  Source: firefox.exe, 00000029.00000003.2569267389.0000024E6C17E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
                                  Source: firefox.exe, 00000029.00000003.2569267389.0000024E6C17E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2482013597.0000024E6FD91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
                                  Source: firefox.exe, 00000029.00000003.2455149096.0000024E5F0C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2454246412.0000024E5F0BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
                                  Source: firefox.exe, 00000029.00000003.2745253318.0000024E76EAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
                                  Source: firefox.exe, 00000030.00000002.3492963215.000001551BF03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
                                  Source: firefox.exe, 00000029.00000003.2752142565.0000024E6EF19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
                                  Source: firefox.exe, 00000032.00000002.4922412954.0000022897203000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1enableTelemetryRecording
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2482013597.0000024E6FD91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.00000228973A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.00000228973A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.00000228973A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
                                  Source: firefox.exe, 00000029.00000003.2604034470.0000024E76BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
                                  Source: firefox.exe, 00000029.00000003.2599812703.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2533179068.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2475318029.0000024E76DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
                                  Source: firefox.exe, 00000030.00000002.3494670162.000001551C1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.00000228973A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
                                  Source: firefox.exe, 00000029.00000003.2606168327.0000024E753DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
                                  Source: firefox.exe, 00000029.00000003.2530129719.0000024E7A593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2416754567.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
                                  Source: firefox.exe, 00000029.00000003.2361969173.0000024E6D86B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2361362335.0000024E6D850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360391263.0000024E6D81C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2359993985.0000024E6D600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360916146.0000024E6D836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
                                  Source: firefox.exe, 00000032.00000002.4882234214.0000022891C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
                                  Source: firefox.exe, 00000032.00000002.4882234214.0000022891C03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4922412954.0000022897203000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
                                  Source: firefox.exe, 00000030.00000002.3492963215.000001551BF03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Getting
                                  Source: firefox.exe, 00000032.00000002.4922412954.0000022897203000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Object
                                  Source: firefox.exe, 00000032.00000002.5030058045.00000228995DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/login5
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4922412954.0000022897203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4922412954.000002289720D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
                                  Source: firefox.exe, 00000032.00000002.4922412954.000002289720D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/Correct
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
                                  Source: firefox.exe, 00000032.00000002.4999797663.0000022899355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.3638746762.0000022899360000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000003.2744729301.0000022899360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/supportPageSlug
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
                                  Source: firefox.exe, 00000029.00000003.2744933122.0000024E76EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
                                  Source: firefox.exe, 00000032.00000002.5030058045.00000228995C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/connection-not-secure
                                  Source: firefox.exe, 00000032.00000002.5074391952.000002289969B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/security-error
                                  Source: firefox.exe, 00000029.00000003.2467121667.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2601509772.0000024E76CCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
                                  Source: firefox.exe, 00000029.00000003.2748555343.0000024E6F8AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                                  Source: firefox.exe, 00000029.00000003.2489035374.0000024E6FE8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
                                  Source: firefox.exe, 00000029.00000003.2536360646.0000024E70C52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
                                  Source: firefox.exe, 00000029.00000003.2748555343.0000024E6F8AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                                  Source: RageMP131.exe, 00000009.00000002.2346502706.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000020.00000002.2413593231.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2242173667.0000000003417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT#
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORT/dP
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.000000000137D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTH3$
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTe
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.000000000143F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTl
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot
                                  Source: RageMP131.exe, 00000009.00000002.2346502706.00000000012F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot3f
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot=
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bote
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botrisepw
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
                                  Source: firefox.exe, 00000029.00000003.2475318029.0000024E76D6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/flow/login
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/i/flow/login0
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
                                  Source: firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
                                  Source: firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
                                  Source: firefox.exe, 00000029.00000003.2603520047.0000024E76BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2534305328.0000024E76BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
                                  Source: firefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2416754567.0000024E77123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
                                  Source: firefox.exe, 00000029.00000003.2484221363.0000024E6E696000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
                                  Source: firefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                                  Source: firefox.exe, 00000029.00000003.2472606966.0000024E7AADB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2359993985.0000024E6D600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2360916146.0000024E6D836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000135B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/W
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/user
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/amFiles%
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000135B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/o
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/322321.exe
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/Rdx1.exe
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/data.exe
                                  Source: explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/data.exeVa
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/flesh.exe
                                  Source: explorhe.exe, 0000001A.00000003.2646646509.0000000001383000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.2646646509.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exe
                                  Source: explorhe.exe, 0000001A.00000003.2646646509.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exe0382001
                                  Source: explorhe.exe, 0000001A.00000003.2646646509.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exe1
                                  Source: explorhe.exe, 0000001A.00000003.2646646509.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exef34.dll
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exeik
                                  Source: explorhe.exe, 0000001A.00000003.2646646509.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/gold.exel
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exe
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exe/
                                  Source: explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exe00386001
                                  Source: explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exe1f3f
                                  Source: explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exejn
                                  Source: explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aorp.org.br/temp/leg.exe~nan
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
                                  Source: firefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                                  Source: firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.epicgames.com/id/login
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.epicgames.com/id/login:
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.epicgames.com/id/loginF
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe; Code function: 0_2_00E3E460 GdiplusStartup,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,DeleteObject,GdipDisposeImage,DeleteObject,ReleaseDC,GdiplusShutdown,0_2_00E3E460
                                  Source: Yara match; File source: Process Memory Space: explorhe.exe PID: 11432, type: MEMORYSTR

                                  System Summary

                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe, type: DROPPED; Matched rule: Detects downloader / injector; Author: ditekSHen
                                  Source: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe, type: DROPPED; Matched rule: Detects downloader / injector; Author: ditekSHen
                                  Source: autorun[1].exe.26.dr, TsITnRbciZYHZ37bQu.cs; Large array initialization: TsITnRbciZYHZ37bQu: array initializer size 307712
                                  Source: autorun.exe.26.dr, TsITnRbciZYHZ37bQu.cs; Large array initialization: TsITnRbciZYHZ37bQu: array initializer size 307712
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2199088855.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_1dc607a5-2)
                                  Source: MPGPH131.exe, 00000006.00000003.2478456732.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_5c7bfea5-3)
                                  Source: MPGPH131.exe, 00000007.00000003.2474169489.00000000042CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_67cdd56b-3
                                  Source: wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2309647017.0000000000712000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_9c4ea98d-7
                                  Source: amer[1].exe.0.dr Static PE information: section name:
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.dr Static PE information: section name:
                                  Source: amer[1].exe.6.dr Static PE information: section name:
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.dr Static PE information: section name:
                                  Source: amer[2].exe.7.dr Static PE information: section name:
                                  Source: explorhe.exe.8.dr Static PE information: section name:
                                  Source: zona[1].exe.26.dr Static PE information: section name:
                                  Source: zona.exe.26.dr Static PE information: section name:
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00B8AD70 GetModuleHandleA, GetProcAddress, GetProcessHeap, HeapAlloc, NtQuerySystemInformation, HeapFree, RtlFreeHeap, RtlAllocateHeap, NtQuerySystemInformation, HeapFree, GetModuleHandleA, GetProcAddress, CreateEventA, SetEvent, 6_2_00B8AD70
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C224B06_2_00C224B0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA20206_2_00BA2020
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B824006_2_00B82400
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C6E4206_2_00C6E420
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C1E5906_2_00C1E590
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2C5006_2_00C2C500
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C726406_2_00C72640
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA26206_2_00BA2620
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B826706_2_00B82670
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C287C06_2_00C287C0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C367206_2_00C36720
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7E8C06_2_00C7E8C0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B9A8106_2_00B9A810
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2A95B6_2_00C2A95B
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C28A606_2_00C28A60
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA2BB86_2_00BA2BB8
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C58B006_2_00C58B00
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C70C906_2_00C70C90
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BDECD86_2_00BDECD8
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C22C606_2_00C22C60
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BD2C106_2_00BD2C10
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B9AC606_2_00B9AC60
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C26EA06_2_00C26EA0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C96FA96_2_00C96FA9
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C1EF006_2_00C1EF00
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C6AF306_2_00C6AF30
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C5D1606_2_00C5D160
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C251106_2_00C25110
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C3B2106_2_00C3B210
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B852606_2_00B85260
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C373E06_2_00C373E0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA33306_2_00BA3330
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B8B3106_2_00B8B310
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2B4606_2_00C2B460
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C954096_2_00C95409
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C234256_2_00C23425
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BED5A06_2_00BED5A0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C275906_2_00C27590
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C9D5106_2_00C9D510
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C236756_2_00C23675
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C1D7C06_2_00C1D7C0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BE37C06_2_00BE37C0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B898506_2_00B89850
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C1F9806_2_00C1F980
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B819006_2_00B81900
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BE5AE16_2_00BE5AE1
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C21A006_2_00C21A00
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B8BA506_2_00B8BA50
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C29BF06_2_00C29BF0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2FD806_2_00C2FD80
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2BDA06_2_00C2BDA0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C27D606_2_00C27D60
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C6FEC06_2_00C6FEC0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C29FA46_2_00C29FA4
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BE5F206_2_00BE5F20
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 00C06E40 appears 36 times
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 00C2BB20 appears 117 times
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 00C7BAB0 appears 60 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: String function: 00EDBB20 appears 116 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: String function: 00EB6E40 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: String function: 00F2BAB0 appears 60 times
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063143981.00000000007B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVBoxExtPackHelperAppJ vs SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000000.2051385683.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVBoxExtPackHelperAppJ vs SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063561330.00000000007B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVBoxExtPackHelperAppJ vs SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe, type: DROPPED Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe, type: DROPPED Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: 987123[1].exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 987123.exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: autorun[1].exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: autorun.exe.26.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: amer[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: amer[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: amer[1].exe.0.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: ItBcnKyTYzzcux4XTo2S.exe.0.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: ItBcnKyTYzzcux4XTo2S.exe.0.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: ItBcnKyTYzzcux4XTo2S.exe.0.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: amer[1].exe.6.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: amer[1].exe.6.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: amer[1].exe.6.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: RN_rIK_rAnb45b13yJFN.exe.7.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: RN_rIK_rAnb45b13yJFN.exe.7.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: RN_rIK_rAnb45b13yJFN.exe.7.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: amer[2].exe.7.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: amer[2].exe.7.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: amer[2].exe.7.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: explorhe.exe.8.dr Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: explorhe.exe.8.dr Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: explorhe.exe.8.dr Static PE information: Section: ZLIB complexity 0.9952473958333333
Source: zona[1].exe.26.dr Static PE information: Section: ZLIB complexity 0.9996129477896342
Source: zona[1].exe.26.dr Static PE information: Section: ZLIB complexity 0.997216796875
Source: zona[1].exe.26.dr Static PE information: Section: ZLIB complexity 0.9992461622807017
Source: zona.exe.26.dr Static PE information: Section: ZLIB complexity 0.9996129477896342
Source: zona.exe.26.dr Static PE information: Section: ZLIB complexity 0.997216796875
Source: zona.exe.26.dr Static PE information: Section: ZLIB complexity 0.9992461622807017
Source: autorun[1].exe.26.dr, AaKKpFYFlTUg6do124.cs Cryptographic APIs: 'CreateDecryptor'
Source: autorun.exe.26.dr, AaKKpFYFlTUg6do124.cs Cryptographic APIs: 'CreateDecryptor'
Source: firefox.exe, 00000029.00000003.2550464690.0000024E6B613000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: com.com.slN
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@247/607@0/99
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: 0_2_00EDE130 GetLastError,GetVersionExA,FormatMessageW,LocalFree,FormatMessageA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: 0_2_00EDDA60 GetVersionExA,CreateFileW,CreateFileA,GetDiskFreeSpaceW,GetDiskFreeSpaceA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: 0_2_00E3FCB0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Code function: 0_2_00E4AC60 CoInitializeEx,CoCreateInstance,RegCreateKeyExA,RegCreateKeyExA,RegCreateKeyExA,RegCreateKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegCreateKeyExA,CoUninitialize
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe File created: C:\Users\user\AppData\Local\RageMP131
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6224:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:940:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:14224:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: 131 (0_2_00EABD40)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: ntdll.dll (0_2_00EABD40)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: 4443436 (0_2_00EABD40)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: (0_2_00EABD40)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: sergersrs (0_2_00EABD40)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Command line argument: gdry4645 (0_2_00EABD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: 131 (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: /*************/ (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: 154.16.192.193 (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: ntdll.dll (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: 4443436 (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: sergersrs (6_2_00BFBD40)
Source: C:\ProgramData\MPGPH131\MPGPH131.exe Command line argument: gdry4645 (6_2_00BFBD40)
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2752142565.0000024E6EF19000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063143981.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000000.2051336107.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063561330.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, MPGPH131.exe, 00000006.00000000.2080658369.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2661874619.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.3331552029.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000000.2081134720.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063143981.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000000.2051336107.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2063561330.00000000007B8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000000.2080658369.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.2661874619.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000002.3331552029.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000000.2081134720.0000000000CAE000.00000002.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000009.00000002.2346002414.00000000010FE000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122239017.0000000003429000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2119571296.0000000000852000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2132602643.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2121473143.000000000084E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2137931731.000000000145A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2142534050.0000000003F52000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2128833986.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2133455042.0000000003B31000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2133307309.0000000003B46000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000029.00000003.2749532051.0000024E6F86E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeReversingLabs: Detection: 55%
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeVirustotal: Detection: 67%
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                                  Source: MPGPH131.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                                  Source: unknownProcess created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe"
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://instagram.com/accounts/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.paypal.com/signin
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2204,i,15729364803454474630,3851250065344724833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1992,i,6310753407935598149,17859461482613628573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2004,i,7283726857084362712,15119685456646774483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://store.steampowered.com/login
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,14378781951259307047,4188744618890532289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://steamcommunity.com/openid/loginform
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,4670160639782249315,11229613294517820312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.epicgames.com/id/login
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,12875510592016247848,9610536198439608052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeProcess created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1956,i,1362200134941538796,11659752482438541742,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,3788731305370777980,9416224067675073750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=920 --field-trial-handle=1592,i,7283115601660478920,12046409174522057752,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1952,i,4953983639272391216,16835619525233672643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2064,i,1050194441771241166,153372168645923794,262144 /prefetch:3
                                  Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com
                                  Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:3
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2128 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a84251-27d1-44ed-a5f3-48c6835a106c} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e5cf6d910 socket
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe"
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe"
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 1 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 21867 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4fb3dc-afa8-4648-aedc-bd5d4900ff67} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e6da77850 tab
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4052 -prefsLen 22057 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f600edd2-3f25-4a9e-99ee-ad9bdbba397b} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e69f3abd0 tab
                                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 3124 -prefsLen 30974 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc6bea7-b0de-41ac-af27-3401bf89a237} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e76be9150 tab
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6384 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -parentBuildID 20230927232528 -prefsHandle 2960 -prefMapHandle 4700 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {585c9d85-6524-4a3c-b0bb-5d4e5dd3101a} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e7535c410 rdd
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7644 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7804 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe"
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1048,i,16917586532604722924,17238789171836043011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1992,i,6310753407935598149,17859461482613628573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2204,i,15729364803454474630,3851250065344724833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2004,i,7283726857084362712,15119685456646774483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,14378781951259307047,4188744618890532289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,4670160639782249315,11229613294517820312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,12875510592016247848,9610536198439608052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1956,i,1362200134941538796,11659752482438541742,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,3788731305370777980,9416224067675073750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=920 --field-trial-handle=1592,i,7283115601660478920,12046409174522057752,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1952,i,4953983639272391216,16835619525233672643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2064,i,1050194441771241166,153372168645923794,262144 /prefetch:3
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:3
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6384 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7644 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7804 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2128 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a84251-27d1-44ed-a5f3-48c6835a106c} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e5cf6d910 socket
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 1 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 21867 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4fb3dc-afa8-4648-aedc-bd5d4900ff67} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e6da77850 tab
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4052 -prefsLen 22057 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f600edd2-3f25-4a9e-99ee-ad9bdbba397b} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e69f3abd0 tab
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 3124 -prefsLen 30974 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc6bea7-b0de-41ac-af27-3401bf89a237} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e76be9150 tab
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -parentBuildID 20230927232528 -prefsHandle 2960 -prefMapHandle 4700 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {585c9d85-6524-4a3c-b0bb-5d4e5dd3101a} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e7535c410 rdd
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: unknown unknown
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1048,i,16917586532604722924,17238789171836043011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32
                                  Source: Google Drive.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: YouTube.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Sheets.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Gmail.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Slides.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Docs.lnk.12.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Window RecorderWindow detected: More than 3 window changes detected
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic file information: File size 1509376 > 1048576
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x12c800
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                  Source: Binary string: Environment.pdb source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                  Data Obfuscation

                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeUnpacked PE file: 8.2.ItBcnKyTYzzcux4XTo2S.exe.d10000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeUnpacked PE file: 26.2.explorhe.exe.c0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exeUnpacked PE file: 46.2.RN_rIK_rAnb45b13yJFN.exe.cf0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exeUnpacked PE file: 47.2.RN_rIK_rAnb45b13yJFN.exe.cf0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeUnpacked PE file: 57.2.explorhe.exe.c0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
                                  Source: autorun[1].exe.26.dr, AaKKpFYFlTUg6do124.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                                  Source: autorun.exe.26.dr, AaKKpFYFlTUg6do124.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_00E3FCB0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetModuleHandleA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,0_2_00E3BA50
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,6_2_00B8FCB0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetModuleHandleA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,6_2_00B8BA50
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E7A530 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_00E7A530
                                  Source: initial sampleStatic PE information: section where entry point is pointing to: .data
                                  Source: amer[1].exe.0.drStatic PE information: section name:
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name:
                                  Source: amer[1].exe.6.drStatic PE information: section name:
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name:
                                  Source: amer[2].exe.7.drStatic PE information: section name:
                                  Source: explorhe.exe.8.drStatic PE information: section name:
                                  Source: zona[1].exe.26.drStatic PE information: section name:
                                  Source: zona.exe.26.drStatic PE information: section name:
                                  Source: gmpopenh264.dll.tmp.41.drStatic PE information: section name: .rodata
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EC2FC2 push 59000681h; ret 0_2_00EC2FC9
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2B677 push ecx; ret 0_2_00F2B68A
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C12FC2 push 59000681h; ret 6_2_00C12FC9
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7B677 push ecx; ret 6_2_00C7B68A
                                  Source: amer[1].exe.0.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: amer[1].exe.0.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: amer[1].exe.0.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: amer[1].exe.0.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: amer[1].exe.0.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: ItBcnKyTYzzcux4XTo2S.exe.0.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: amer[1].exe.6.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: amer[1].exe.6.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: amer[1].exe.6.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: amer[1].exe.6.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: amer[1].exe.6.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: RN_rIK_rAnb45b13yJFN.exe.7.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: amer[2].exe.7.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: amer[2].exe.7.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: amer[2].exe.7.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: amer[2].exe.7.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: amer[2].exe.7.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: explorhe.exe.8.drStatic PE information: section name: entropy: 7.997552851588918
                                  Source: explorhe.exe.8.drStatic PE information: section name: entropy: 7.986630937640131
                                  Source: explorhe.exe.8.drStatic PE information: section name: entropy: 7.155033533555756
                                  Source: explorhe.exe.8.drStatic PE information: section name: entropy: 7.978657373889132
                                  Source: explorhe.exe.8.drStatic PE information: section name: .data entropy: 7.975130131943865
                                  Source: 987123[1].exe.26.drStatic PE information: section name: .text entropy: 7.7218578464508045
                                  Source: 987123.exe.26.drStatic PE information: section name: .text entropy: 7.7218578464508045
                                  Source: zona[1].exe.26.drStatic PE information: section name: entropy: 7.999517490680805
                                  Source: zona[1].exe.26.drStatic PE information: section name: entropy: 7.996248872606899
                                  Source: zona[1].exe.26.drStatic PE information: section name: entropy: 7.269874725574183
                                  Source: zona[1].exe.26.drStatic PE information: section name: entropy: 7.992558402815046
                                  Source: zona[1].exe.26.drStatic PE information: section name: .data entropy: 7.966091798160799
                                  Source: zona.exe.26.drStatic PE information: section name: entropy: 7.999517490680805
                                  Source: zona.exe.26.drStatic PE information: section name: entropy: 7.996248872606899
                                  Source: zona.exe.26.drStatic PE information: section name: entropy: 7.269874725574183
                                  Source: zona.exe.26.drStatic PE information: section name: entropy: 7.992558402815046
                                  Source: zona.exe.26.drStatic PE information: section name: .data entropy: 7.966091798160799
                                  Source: autorun[1].exe.26.drStatic PE information: section name: .text entropy: 7.881952677820857
                                  Source: autorun.exe.26.drStatic PE information: section name: .text entropy: 7.881952677820857
                                  Source: autorun[1].exe.26.dr, AaKKpFYFlTUg6do124.csHigh entropy of concatenated method names: 'HxiaS3suFi', 'nW4lBacjpc', 'RhtauXCTpS', 'fhNa2hS7Ku', 'N3IaykJdlr', 'ATaaqT3SpG', 'ALsF2tbbQX', 'oqtgAj5O4', 'AguBUkQFd', 'ydFN0MsLF'
                                  Source: autorun.exe.26.dr, AaKKpFYFlTUg6do124.csHigh entropy of concatenated method names: 'HxiaS3suFi', 'nW4lBacjpc', 'RhtauXCTpS', 'fhNa2hS7Ku', 'N3IaykJdlr', 'ATaaqT3SpG', 'ALsF2tbbQX', 'oqtgAj5O4', 'AguBUkQFd', 'ydFN0MsLF'
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\go[2].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\ProgramData\MPGPH131\MPGPH131.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\go[1].exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000389001\987123.exe
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\amer[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000390001\kkxxx.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000391001\zona.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\amer[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\zona[1].exe
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\amer[2].exe
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\go[1].exe
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
                                  Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\autorun[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\kkxxx[1].exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Temp\1000384001\autorun.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\987123[1].exe

                                  Boot Survival

                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zona.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run liva.exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00ECE590 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00ECE590
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeSandbox detection routine: GetCursorPos, DecisionNode, Sleep
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeSandbox detection routine: GetCursorPos, DecisionNode, Sleep
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeEvasive API call chain: GetPEB, DecisionNodes, Sleep
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeEvasive API call chain: GetPEB, DecisionNodes, Sleep
                                  Source: explorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000001A.00000003.3306748039.00000000013B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLA
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,0_2_00EABB80
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,6_2_00BFBB80
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeWindow / User API: threadDelayed 2102
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeWindow / User API: threadDelayed 4270
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeWindow / User API: threadDelayed 1864
                                  Source: C:\Windows\SysWOW64\rundll32.exeWindow / User API: threadDelayed 9993
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\zona[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\autorun[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\kkxxx[1].exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000384001\autorun.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000389001\987123.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000391001\zona.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000390001\kkxxx.exe
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\987123[1].exe
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe TID: 4320Thread sleep count: 77 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14016Thread sleep count: 2102 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14016Thread sleep time: -2102000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14000Thread sleep count: 4270 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14000Thread sleep time: -4270000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14020Thread sleep count: 1864 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 14020Thread sleep time: -1864000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 11436Thread sleep count: 328 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 11436Thread sleep time: -9840000s >= -30000s
                                  Source: C:\Windows\SysWOW64\rundll32.exe TID: 9516Thread sleep count: 9993 > 30
                                  Source: C:\Windows\SysWOW64\rundll32.exe TID: 9516Thread sleep time: -9993000s >= -30000s
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeLast function: Thread delayed
                                  Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EDDFC0 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 00EDE001h0_2_00EDDFC0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C2DFC0 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 00C2E001h6_2_00C2DFC0
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile Volume queried: C:\ FullSizeInformation
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E42090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,0_2_00E42090
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E7CAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,0_2_00E7CAA0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F29505 FindClose,FindFirstFileExW,GetLastError,0_2_00F29505
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E3DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,0_2_00E3DC90
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F48980 FindFirstFileExW,0_2_00F48980
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E7F3A0 FindFirstFileA,0_2_00E7F3A0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,0_2_00F2958B
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B92090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,6_2_00B92090
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BCCAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,6_2_00BCCAA0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C79505 FindClose,recv,FindFirstFileExW,GetLastError,6_2_00C79505
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA7A14 FindFirstFileA,FindNextFileA,GetLastError,FindClose,6_2_00BA7A14
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B8DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,6_2_00B8DC90
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C98980 FindFirstFileExW,6_2_00C98980
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BCF3A0 FindFirstFileA,6_2_00BCF3A0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,6_2_00C7958B
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E3FCB0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_00E3FCB0
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeThread delayed: delay time: 30000
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\Documents\desktop.ini
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\AppData\Local\Temp
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\AppData
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\AppData\Local
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                  Source: MPGPH131.exe, 00000007.00000003.2182077409.0000000003BD6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWu
                                  Source: MPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWz
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: #Windows 10 Microsoft Hyper-V Server
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Microsoft Hyper-V Server
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8 Microsoft Hyper-V Server
                                  Source: firefox.exe, 00000029.00000003.2344662681.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2350878924.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2332424806.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2344408660.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2242173667.0000000003434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .comVMware20,11696428
                                  Source: MPGPH131.exe, 00000007.00000002.3340182809.0000000003BC7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}T
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000EDB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW_
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 R2 Server Standard without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000002.3333189112.0000000000E97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,116968G
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+q
                                  Source: RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: vmware
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ebrokers.co.inVMware20,11696428655d
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: %Windows 2016 Microsoft Hyper-V Server
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: +Windows 8.1 Server Standard without Hyper-V
                                  Source: firefox.exe, 00000030.00000002.3480576444.0000015517030000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .utiitsl.comVMware20,1169642865(P
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ra Change Transaction PasswordVMware20,11696428655
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                                  Source: RageMP131.exe, 00000020.00000002.2413593231.0000000000B67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
                                  Source: RageMP131.exe, 00000009.00000002.2341468652.0000000000D3C000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f563
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
                                  Source: MPGPH131.exe, 00000006.00000003.2177001287.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}rtnameoelhd
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}z
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: ,Windows 2016 Server Standard without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2177221638.0000000003BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
                                  Source: MPGPH131.exe, 00000007.00000003.2170240148.0000000003BCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
                                  Source: firefox.exe, 00000029.00000003.2344408660.0000024E5FBB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2344662681.0000024E5FBB6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4894532656.000001E85F310000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4888009316.0000022892189000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                  Source: RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: VBoxService.exe
                                  Source: firefox.exe, 00000029.00000003.2344662681.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2344408660.0000024E5FB74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW==ou
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2242173667.0000000003434000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Hyper-VU
                                  Source: firefox.exe, 00000032.00000002.4879664847.0000022891A9A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000038.00000002.4858311476.000000000056A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: *Windows 10 Server Standard without Hyper-V
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
                                  Source: RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: VMWare
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
                                  Source: RageMP131.exe, 00000009.00000002.2346502706.00000000012CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                                  Source: ItBcnKyTYzzcux4XTo2S.exe, 00000008.00000002.2299548287.0000000000D80000.00000040.00000001.01000000.00000007.sdmp, explorhe.exe, 0000001A.00000002.4855673331.0000000000130000.00000040.00000001.01000000.0000000E.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002E.00000002.2672811454.0000000000D60000.00000040.00000001.01000000.00000013.sdmp, RN_rIK_rAnb45b13yJFN.exe, 0000002F.00000002.2669134458.0000000000D60000.00000040.00000001.01000000.00000013.sdmpBinary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe Process information queried: ProcessInformation

                                  Anti Debugging

                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exeThread information set: HideFromDebugger
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess queried: DebugPort
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F30184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F30184
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EABD40 SetUnhandledExceptionFilter,LoadLibraryA,LoadLibraryA,CreateThread,FindCloseChangeNotification,Sleep,GetTempPathA,CreateDirectoryA,CreateDirectoryA,Sleep,CreateDirectoryA,SetCurrentDirectoryA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,WSACleanup,Sleep,Sleep,Sleep,GetModuleHandleA,GetProcAddress,GetCurrentProcess,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,CloseHandle,DeleteFileA,Sleep,OutputDebugStringA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,Sleep,0_2_00EABD40
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E7A530 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_00E7A530
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EABB80 mov eax, dword ptr fs:[00000030h]0_2_00EABB80
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EABD40 mov eax, dword ptr fs:[00000030h]0_2_00EABD40
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EABD40 mov ecx, dword ptr fs:[00000030h]0_2_00EABD40
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E56850 mov eax, dword ptr fs:[00000030h]0_2_00E56850
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E4AC60 mov eax, dword ptr fs:[00000030h]0_2_00E4AC60
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E49EC0 mov eax, dword ptr fs:[00000030h]0_2_00E49EC0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BFBB80 mov eax, dword ptr fs:[00000030h]6_2_00BFBB80
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BFBD40 mov eax, dword ptr fs:[00000030h]6_2_00BFBD40
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BFBD40 mov ecx, dword ptr fs:[00000030h]6_2_00BFBD40
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA6850 mov eax, dword ptr fs:[00000030h]6_2_00BA6850
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B9AC60 mov eax, dword ptr fs:[00000030h]6_2_00B9AC60
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00B99EC0 mov eax, dword ptr fs:[00000030h]6_2_00B99EC0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00ECE4B0 CharNextA,CharNextA,CharNextA,CharNextA,lstrlenA,GetProcessHeap,GetProcessHeap,HeapAlloc,lstrcpynA,GetProcessHeap,HeapFree,0_2_00ECE4B0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2B8A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F2B8A4
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2BA37 SetUnhandledExceptionFilter,0_2_00F2BA37
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2BC4D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F2BC4D
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BFBD40 SetUnhandledExceptionFilter,LoadLibraryA,LoadLibraryA,CreateThread,FindCloseChangeNotification,Sleep,GetTempPathA,CreateDirectoryA,CreateDirectoryA,Sleep,CreateDirectoryA,SetCurrentDirectoryA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,WSACleanup,Sleep,Sleep,Sleep,GetModuleHandleA,GetProcAddress,GetCurrentProcess,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,CloseHandle,DeleteFileA,Sleep,OutputDebugStringA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,Sleep,6_2_00BFBD40
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C80184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00C80184
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7B8A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00C7B8A4
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7BA37 SetUnhandledExceptionFilter,6_2_00C7BA37
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00C7BC4D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00C7BC4D

                                  HIPS / PFW / Operating System Protection Evasion

                                  Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.215.113.68 80
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E51C30 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_00E51C30
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: 6_2_00BA1C30 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,6_2_00BA1C30
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe" Jump to behavior
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe "C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe" Jump to behavior
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe" Jump to behavior
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe" Jump to behavior
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe"
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeProcess created: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe "C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exeProcess created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://instagram.com/accounts/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.paypal.com/signin
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://store.steampowered.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://steamcommunity.com/openid/loginform
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.epicgames.com/id/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
                                  Source: C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeProcess created: unknown unknown
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                  Source: C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exeProcess created: unknown unknown
                                  Source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2199088855.0000000003AE5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2478456732.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2474169489.00000000042CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F2B4A3 cpuid 0_2_00F2B4A3
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_00E3FCB0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00F4C044
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,0_2_00F4C14A
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00F4C220
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: EnumSystemLocalesW,0_2_00F427E1
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,0_2_00F42D64
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00F4B8AB
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_00F2984F
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,0_2_00F4BAB0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: EnumSystemLocalesW,0_2_00F4BBA2
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: EnumSystemLocalesW,0_2_00F4BB57
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00F4BCC8
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: EnumSystemLocalesW,0_2_00F4BC3D
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: GetLocaleInfoW,0_2_00F4BF1B
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,6_2_00B8FCB0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00C9C044
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00C9C14A
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00C9C220
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00C927E1
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00C92D64
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,6_2_00C9B8AB
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoEx,FormatMessageA,6_2_00C7984F
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00C9BAB0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00C9BBA2
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00C9BB57
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00C9BCC8
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: EnumSystemLocalesW,6_2_00C9BC3D
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeCode function: GetLocaleInfoW,6_2_00C9BF1B
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000382001\gold.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000383001\flesh.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000384001\autorun.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000386001\leg.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000387001\322321.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000388001\Rdx1.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000389001\987123.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000390001\kkxxx.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000391001\zona.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1000393001\data.exe VolumeInformation
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E3FCB0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,0_2_00E3FCB0
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00E4F380 GetModuleFileNameA,GetUserNameA,__Mtx_unlock,0_2_00E4F380
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00F44AB3 GetTimeZoneInformation,0_2_00F44AB3
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeCode function: 0_2_00EDDA60 GetVersionExA,CreateFileW,CreateFileA,GetDiskFreeSpaceW,GetDiskFreeSpaceA,0_2_00EDDA60
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                  Stealing of Sensitive Information

                                  Source: Yara matchFile source: 56.2.rundll32.exe.6ca40000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, type: DROPPED
                                  Source: Yara matchFile source: 26.2.explorhe.exe.c0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 47.2.RN_rIK_rAnb45b13yJFN.exe.cf0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 56.2.rundll32.exe.6ca40000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 46.2.RN_rIK_rAnb45b13yJFN.exe.cf0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 57.2.explorhe.exe.c0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 8.2.ItBcnKyTYzzcux4XTo2S.exe.d10000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0000002F.00000002.2667619172.0000000000CF1000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000038.00000002.4863465442.000000006CA41000.00000020.00000001.01000000.00000015.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000008.00000002.2299329499.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000039.00000002.2659905595.00000000000C1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000002E.00000002.2671031545.0000000000CF1000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001A.00000002.4853119184.00000000000C1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, type: DROPPED
                                  Source: Yara matchFile source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, type: SAMPLE
                                  Source: Yara matchFile source: 7.0.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0.0.SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe.e30000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 9.0.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 6.0.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 9.2.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 7.2.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe.e30000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 6.2.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 32.2.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 32.0.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 6.2.MPGPH131.exe.1433d6d.1.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 00000007.00000002.3333189112.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000006.00000002.2666359935.000000000143F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000000.00000002.2242173667.0000000003417000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe PID: 6156, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 1772, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 1100, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 9336, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: RageMP131.exe PID: 12192, type: MEMORYSTR
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\fEMM7MXc0YqyJawkJDze71X6lYIiC_Ic.zip, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\Skk_NXN64QjDo1ESm8EmS3Tz8c2DGmsi.zip, type: DROPPED
                                  Source: Yara matchFile source: C:\ProgramData\MPGPH131\MPGPH131.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe, type: DROPPED
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Jaxx\Local Storage
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\wallets
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Binance\app-store.json
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                  Source: MPGPH131.exe, 00000006.00000003.2176673162.0000000004135000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
                                  Source: firefox.exe, 00000029.00000003.2662864017.0000024E7A29D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: OSKeyStore
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\formhistory.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LocalPrefs.json
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\places.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\signons.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\logins.json
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\signons.sqlite
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\cookies.sqlite
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                                  Source: C:\ProgramData\MPGPH131\MPGPH131.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                                  Source: Yara matchFile source: Process Memory Space: MPGPH131.exe PID: 1772, type: MEMORYSTR

                                  Remote Access Functionality

                                  Source: Yara match File source: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, type: SAMPLE
                                  Source: Yara match File source: 7.0.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.0.SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe.e30000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 9.0.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 6.0.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 9.2.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 7.2.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 0.2.SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe.e30000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 6.2.MPGPH131.exe.b80000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 32.2.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 32.0.RageMP131.exe.fd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 6.2.MPGPH131.exe.1433d6d.1.unpack, type: UNPACKEDPE
                                  Source: Yara match File source: 00000007.00000002.3333189112.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000006.00000002.2666359935.000000000143F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: 00000000.00000002.2242173667.0000000003417000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe PID: 6156, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 1772, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 1100, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 9336, type: MEMORYSTR
                                  Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 12192, type: MEMORYSTR
                                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\fEMM7MXc0YqyJawkJDze71X6lYIiC_Ic.zip, type: DROPPED
                                  Source: Yara match File source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, type: DROPPED
                                  Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe, type: DROPPED
                                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\Skk_NXN64QjDo1ESm8EmS3Tz8c2DGmsi.zip, type: DROPPED
                                  Source: Yara match File source: C:\ProgramData\MPGPH131\MPGPH131.exe, type: DROPPED
                                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe, type: DROPPED
                                  Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
                                  Valid Accounts | 12 Native API | 1 Scheduled Task/Job | 1 Extra Window Memory Injection | 11 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
                                  Default Accounts | 3 Command and Scripting Interpreter | 211 Registry Run Keys / Startup Folder | 212 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 2 Encrypted Channel | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
                                  Domain Accounts | 1 Scheduled Task/Job | Logon Script (Windows) | 1 Scheduled Task/Job | 23 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | Automated Exfiltration | 1 Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
                                  Local Accounts | Cron | Login Hook | 211 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | NTDS | 48 System Information Discovery | Distributed Component Object Model | 1 Email Collection | Traffic Duplication | Protocol Impersonation | | | Data Destruction | Virtual Private Server | Employee Names
                                  Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
                                  Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 221 Virtualization/Sandbox Evasion | Cached Domain Credentials | 451 Security Software Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
                                  External Remote Services | Systemd Timers | Startup Items | Startup Items | 212 Process Injection | DCSync | 221 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
                                  Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 13 Process Discovery | Cloud Services | Credential API Hooking | Exfiltration Over Alternative Protocol | Application Layer Protocol | | | Defacement | Serverless | Network Trust Dependencies
                                  Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Web Protocols | | | Internal Defacement | Malvertising | Network Topology
                                  Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | File Transfer Protocols | | | External Defacement | Compromise Infrastructure | IP Addresses
                                  [Behavior graph: ID 1376083, Sample: SecuriteInfo.com.Trojan.Sig..., Startdate: 17/01/2024, Architecture: WINDOWS, Score: 100]

                                  Source | Detection | Scanner | Label | Link
                                  SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | 55% | ReversingLabs | Win32.Trojan.RiseProStealer |
                                  SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | 68% | Virustotal | | Browse
                                  SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe | 100% | Joe Sandbox ML | |

                                  Source | Detection | Scanner | Label | Link
                                  C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Joe Sandbox ML | |
                                  C:\ProgramData\MPGPH131\MPGPH131.exe | 55% | ReversingLabs | Win32.Trojan.RiseProStealer |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\autorun[1].exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe | 55% | ReversingLabs | Win32.Trojan.RiseProStealer |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\kkxxx[1].exe | 75% | ReversingLabs | Win32.Trojan.SunnyDigits |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll | 96% | ReversingLabs | Win32.Trojan.Amadey |
                                  C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 55% | ReversingLabs | Win32.Trojan.RiseProStealer |
                                  C:\Users\user\AppData\Local\Temp\1000384001\autorun.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                                  C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe | 88% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                                  C:\Users\user\AppData\Local\Temp\1000390001\kkxxx.exe | 75% | ReversingLabs | Win32.Trojan.SunnyDigits |
                                  C:\Users\user\AppData\Local\Temp\1000392001\liva.exe | 55% | ReversingLabs | Win32.Trojan.RiseProStealer |
                                  C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll | 96% | ReversingLabs | Win32.Trojan.Amadey |
                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

                                  No Antivirus matches
                                  No Antivirus matches

                                  Source | Detection | Scanner | Label | Link
                                  http://exslt.org/common | 0% | URL Reputation | safe |
                                  http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
                                  http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
                                  http://13.68/mX)Z5 | 0% | Avira URL Cloud | safe |
                                  http://185.215.113.68/theme/index.phpBh | 100% | Avira URL Cloud | malware |
                                  http://185.215.113.68/theme/index.phpCa | 100% | Avira URL Cloud | malware |
                                  http://107.151.245.75:10807/kkxxx.exeb6122417a | 0% | Avira URL Cloud | safe |
                                  https://tracking-protection-issues.herokuapp.com/new | 0% | Avira URL Cloud | safe |
                                  http://185.215.113.68/theme/index.php%H | 100% | Avira URL Cloud | malware |
                                  http://185.215.113.68/theme/index.php9.f | 100% | Avira URL Cloud | malware |
                                  https://accounts.google.com2% | 0% | Avira URL Cloud | safe |
                                  http://109.107.182.3/cost/go.exePS | 0% | Avira URL Cloud | safe |
                                  http://exslt.org/dates-and-times | 0% | Avira URL Cloud | safe |
                                  https://www.bbc.co.uk/ | 0% | Avira URL Cloud | safe |
                                  https://tracking-protection-issues.herokuapp.com/new | 0% | Virustotal | | Browse
                                  https://bugzilla.mo | 0% | Avira URL Cloud | safe |
                                  https://medfioytrkdkcodlskeej.net/V | 100% | Avira URL Cloud | malware |
                                  http://185.215.113.68/theme/index.phps | 100% | Avira URL Cloud | phishing |
                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | 0% | Avira URL Cloud | safe |
                                  http://exslt.org/dates-and-times | 0% | Virustotal | | Browse
                                  https://account.bellmedia.c | 0% | Avira URL Cloud | safe |
                                  https://www.aorp.org.br/temp/gold.exeik | 0% | Avira URL Cloud | safe |
                                  http://185.215.113.68/theme/index.phptch | 100% | Avira URL Cloud | malware |
                                  https://www.aorp.org.br/temp/leg.exe/ | 0% | Avira URL Cloud | safe |
                                  http://194.33.191.102/autorun.exe | 100% | Avira URL Cloud | malware |
                                  http://185.215.113.68/theme/index.php2 | 100% | Avira URL Cloud | phishing |
                                  https://mail.yahoo.co.jp/compose/?To=%s | 0% | Avira URL Cloud | safe |
                                  https://www.amazon.co.uk/ | 0% | Avira URL Cloud | safe |
                                  http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c49#01LMEM | 100% | Avira URL Cloud | malware |
                                  http://185.215.113.68/theme/Plugins/cred64.dll | 100% | Avira URL Cloud | malware |
                                  http://185.172.128.19/latestrocki.exe | 100% | Avira URL Cloud | malware |
                                  https://www.aorp.org.br/o | 0% | Avira URL Cloud | safe |
                                  https://accounts.google.com_C: | 0% | Avira URL Cloud | safe |
                                  No contacted domains info
                                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                                        http://exslt.org/commonfirefox.exe, 00000030.00000002.3476212706.0000015516AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4882234214.0000022891C7C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                          high
                                                                          https://accounts.google.com2%wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          low
                                                                          http://109.107.182.3/cost/go.exePSMPGPH131.exe, 00000006.00000002.2666359935.00000000013E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://exslt.org/dates-and-timesfirefox.exe, 00000030.00000002.3486001209.000001551BE12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.ecosia.org/newtab/SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2122604120.0000000000871000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2125408078.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000003.2129489483.000000000344E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2143772165.0000000001464000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2148330409.0000000003F90000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2147497611.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000003.2155757136.0000000003BD7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://MD8.mozilla.org/1/mfirefox.exe, 00000029.00000003.2594531574.0000024E7A556000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2530129719.0000024E7A556000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://ipinfo.io:443/widget/demo/154.16.192.193pMPGPH131.exe, 00000007.00000002.3333189112.0000000000EDB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.bbc.co.uk/firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000029.00000003.2751073664.0000024E6EF9E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000030.00000002.3494670162.000001551C1BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.00000228973A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://bugzilla.mofirefox.exe, 00000029.00000003.2745496779.0000024E76E9E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://ipinfo.io/RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://medfioytrkdkcodlskeej.net/Vexplorhe.exe, 0000001A.00000002.4880021565.00000000012F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://spocs.getpocket.com/firefox.exe, 00000029.00000003.2529290517.0000024E7A5F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://ipinfo.io:443/widget/demo/154.16.192.193~SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe, 00000000.00000002.2239266485.00000000007E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://185.215.113.68/theme/index.phpsexplorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: phishing
                                                                                                    unknown
                                                                                                    https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Gettingfirefox.exe, 00000030.00000002.3492963215.000001551BF03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.iqiyi.com/firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifirefox.exe, 0000002D.00000002.4880401161.000001E85F1C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://account.bellmedia.cfirefox.exe, 00000029.00000003.2536360646.0000024E70C2A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://login.microsoftonline.comfirefox.exe, 00000029.00000003.2536360646.0000024E70C2A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.zhihu.com/firefox.exe, 00000029.00000003.2603520047.0000024E76BEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2534305328.0000024E76BEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://185.215.113.68/theme/index.phptchexplorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
                                                                                                                    http://x1.c.lencr.org/0firefox.exe, 00000029.00000003.2464303277.0000024E7AB7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://x1.i.lencr.org/0firefox.exe, 00000029.00000003.2464303277.0000024E7AB7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000029.00000003.2516481299.0000024E77121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2625582515.0000024E77123000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://mozilla-hub.atlassian.net/browse/SDK-405firefox.exe, 00000029.00000003.2475318029.0000024E76DA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/Correctfirefox.exe, 00000032.00000002.4922412954.000002289720D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.aorp.org.br/temp/gold.exeikexplorhe.exe, 0000001A.00000002.4880021565.000000000131E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.aorp.org.br/temp/leg.exe/explorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://t.me/risepro_bot=RageMP131.exe, 00000020.00000002.2413593231.0000000000BB6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://194.33.191.102/autorun.exeexplorhe.exe, 0000001A.00000002.4880021565.0000000001382000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            unknown
                                                                                                                            http://185.215.113.68/theme/index.php2explorhe.exe, 0000001A.00000002.4886814706.000000000142A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                            unknown
                                                                                                                            https://identity.mozilla.com/apps/relayfirefox.exe, 00000029.00000003.2662864017.0000024E7A29D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2742291562.0000024E7A283000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 00000029.00000003.2536360646.0000024E70C52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000029.00000003.2569267389.0000024E6C17E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://www.epicgames.com/id/loginwSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000002.2311093691.0000000001730000.00000004.00000020.00020000.00000000.sdmp, wSEyOaXu6NUnyNwmSKqM.exe, 0000000A.00000003.2305334510.0000000001730000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://contile.services.mozilla.com/v1/tilesfirefox.exe, 00000029.00000003.2601509772.0000024E76CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.amazon.co.uk/firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://monitor.firefox.com/user/preferencesfirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://screenshots.firefox.com/firefox.exe, 00000030.00000002.3492963215.000001551BF03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000030.00000002.3494670162.000001551C131000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000030.00000002.3492963215.000001551BF0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000032.00000002.4931065253.0000022897333000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://185.215.113.68/c0f9c34d04ecd71f3f7e0360f241fc96d3b5a4e6b1c66fdd454daa52aa495c49#01LMEMexplorhe.exe, 0000001A.00000002.4880021565.00000000013B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        http://185.215.113.68/theme/Plugins/cred64.dllexplorhe.exe, 0000001A.00000002.4880021565.000000000134D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-reportfirefox.exe, 0000002D.00000002.4878062182.000001E85F000000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000030.00000002.3474710504.0000015516880000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000032.00000002.4890467492.0000022892270000.00000002.08000000.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.wykop.pl/firefox.exe, 00000029.00000003.2588661820.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2526860029.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000003.2462381790.0000024E7ABE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            142.250.81.227
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            23.55.235.225
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            20940AKAMAI-ASN1EUfalse
                                                                                                                                                                            151.101.65.21
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            54113FASTLYUSfalse
                                                                                                                                                                            23.36.87.113
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            16625AKAMAI-ASUSfalse
                                                                                                                                                                            142.250.65.163
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            142.250.80.110
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            194.33.191.102
                                                                                                                                                                            unknownunknown
                                                                                                                                                                            20668AQUA-ASROfalse
                                                                                                                                                                            172.253.63.84
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            13.225.63.110
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                            142.251.40.202
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            157.240.241.35
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            32934FACEBOOKUSfalse
                                                                                                                                                                            34.117.237.239
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                            151.101.66.133
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            54113FASTLYUSfalse
                                                                                                                                                                            151.101.193.21
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            54113FASTLYUSfalse
                                                                                                                                                                            142.250.65.170
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            142.250.72.106
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            142.250.65.174
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            13.107.21.239
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            131.253.33.239
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            104.244.42.133
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13414TWITTERUSfalse
                                                                                                                                                                            199.232.36.159
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            54113FASTLYUSfalse
                                                                                                                                                                            157.240.241.174
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            32934FACEBOOKUSfalse
                                                                                                                                                                            104.244.42.130
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13414TWITTERUSfalse
                                                                                                                                                                            13.107.42.16
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            152.199.24.163
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15133EDGECASTUSfalse
                                                                                                                                                                            142.251.167.84
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            20.96.153.111
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            142.250.72.99
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            104.127.87.210
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            20940AKAMAI-ASN1EUfalse
                                                                                                                                                                            34.160.144.191
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            2686ATGS-MMD-ASUSfalse
                                                                                                                                                                            91.215.85.209
                                                                                                                                                                            unknownRussian Federation
                                                                                                                                                                            34665PINDC-ASRUfalse
                                                                                                                                                                            142.251.41.3
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            104.17.208.240
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13335CLOUDFLARENETUSfalse
                                                                                                                                                                            142.251.41.4
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            142.250.65.202
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            34.117.186.192
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                            152.195.19.97
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15133EDGECASTUSfalse
                                                                                                                                                                            13.107.21.200
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                            151.101.1.35
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            54113FASTLYUSfalse
                                                                                                                                                                            52.24.152.80
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                            93.184.215.217
                                                                                                                                                                            unknownEuropean Union
                                                                                                                                                                            15133EDGECASTUSfalse
                                                                                                                                                                            104.244.42.65
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13414TWITTERUSfalse
                                                                                                                                                                            104.244.42.2
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13414TWITTERUSfalse
                                                                                                                                                                            142.250.65.195
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                            193.233.132.62
                                                                                                                                                                            unknownRussian Federation
                                                                                                                                                                            2895FREE-NET-ASFREEnetEUfalse
                                                                                                                                                                            23.47.169.131
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            16625AKAMAI-ASUSfalse
                                                                                                                                                                            172.64.146.201
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            13335CLOUDFLARENETUSfalse
                                                                                                                                                                            35.244.181.201
                                                                                                                                                                            unknownUnited States
                                                                                                                                                                            15169GOOGLEUSfalse
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1376083
Start date and time: 2024-01-17 15:37:27 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 70
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@247/607@0/99
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 75
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
15:38:21 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
15:38:21 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
15:38:24 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
15:38:32 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
15:38:53 | API Interceptor | 184572x Sleep call for process: explorhe.exe modified
15:38:56 | Task Scheduler | Run new task: explorhe.exe path: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
15:39:20 | API Interceptor | 1x Sleep call for process: firefox.exe modified
15:39:32 | API Interceptor | 30115x Sleep call for process: rundll32.exe modified
15:40:03 | Task Scheduler | Run new task: MalayamaraUpdate path: "C:\Users\user\AppData\Local\Temp\Updater.exe"
15:41:32 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run HD Audio Background Process C:\Windows\scvhost.exe
15:41:46 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run zona.exe C:\Users\user\AppData\Local\Temp\1000391001\zona.exe
15:41:56 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run liva.exe C:\Users\user\AppData\Local\Temp\1000392001\liva.exe
15:42:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run zona.exe C:\Users\user\AppData\Local\Temp\1000391001\zona.exe
15:42:13 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run liva.exe C:\Users\user\AppData\Local\Temp\1000392001\liva.exe
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                          https://onedrive.live.com/view.aspx?resid=6C423AE231DA44BB%212126&authkey=!AN7rkGIrJ72JoMsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 20.50.73.9
                                                                                                                                                                                                                                                                          https://mfaauthexx.grksteels.com/frank.user@fbi.govGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 13.107.213.40
                                                                                                                                                                                                                                                                          https://fanlink.to/tYDVGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 13.107.246.40
                                                                                                                                                                                                                                                                          WEXTRACT.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 138.91.254.96
                                                                                                                                                                                                                                                                          Actioned_EFTREMITTANCE00087.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 13.107.213.40
                                                                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1509376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.651826632483482
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:nUalkVcJGB7FyCTEaYtT9SfVK5Y3IexDzSf3Z8MQQvTICTNiTPUXl7TP8o1Cl8:nyWJG7yUVYtT8RSPKqvTVTUs9TP8o1Cm
                                                                                                                                                                                                                                                                          MD5:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          SHA1:FD4738C226BF7672880144AAD0135576AD3C1FA4
                                                                                                                                                                                                                                                                          SHA-256:2EB564562FC5D4D4AB4EFCA29E542BA64DA9B04A58B7C6A39ACE4E53AD12273A
                                                                                                                                                                                                                                                                          SHA-512:05A943DDB4A808EEE6F05EC091EB9E751602DBC2C7B8B8B27CFDF00274002434AA2718246CA77F6932059AD597DE51B422F06717C343D4F9AAAB9E4D0D44640F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...7g.e...............".....T....................@..........................P............@............................................(.......................4.......8..............................@............................................text............................... ..`.rdata..............................@..@.data....6....... ..................@....rsrc...(...........................@..@.reloc..4............^..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7598
                                                                                                                                                                                                                                                                          Entropy (8bit):5.166448152330168
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:sKMiBd2cbhbVbTbfbRbObtbyEl7n/JA6wnSrDtTkd/S8:sPbcNhnzFSJGjnSrDhkd/d
                                                                                                                                                                                                                                                                          MD5:AC32A4B89B138FC0CCC24A4352164FD1
                                                                                                                                                                                                                                                                          SHA1:A4FA3D9B6A7395A45A1249BAF35FA3BA34C47E7B
                                                                                                                                                                                                                                                                          SHA-256:B50A7DA822A15FC22F7BD7A79FCDBD99B0F09B368A1289CBCE9891A9803939B5
                                                                                                                                                                                                                                                                          SHA-512:18F01182F4FA2AD74ECC3AA2E08043D52B6F11902D4823D452564CD244806D1B4347612E649D7258B41BBEC706E5203A2216EF9BAD0A91F37FCC66CA7D0208F9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"type":"uninstall","id":"ea41ae50-6fb0-40e6-aa56-da0115ce2bf3","creationDate":"2024-01-17T16:30:09.356Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093729955911367
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:QDXzgWPsj/qlGJqIY8GB4x9/SR8hDO6vP6OKu6UKA0sD+E5JLkcGoup1Xl3jVzXH:Q/Ps+wsI7yO9/S6/6pchu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:594669B7CFDEDFDBBDFD7FB1B3371440
                                                                                                                                                                                                                                                                          SHA1:826C490054ABAFA0FEFF78AC4F77F9959ACD0E96
                                                                                                                                                                                                                                                                          SHA-256:337082F1B2646BCDE54114A5D1D566A0ECE4E115EA121FB2D78085E26BFF7B6F
                                                                                                                                                                                                                                                                          SHA-512:328BB73DA53FAF8ECAA71E65E716AA8A02733D6599CD87DE5027DC73DDDDFECA8FF385EB8C7E79FD6260820F6C19495B64B4D9FB235E958C8E01CEEAC8CD0B84
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"84360B7D463700852C0CF4B438B8ED239FCBD0428E7F4DFE8461E7F2FC2FB7D2\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44668
                                                                                                                                                                                                                                                                          Entropy (8bit):6.096258477475884
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBmwuLhDO6vP6OKu6FKA0sD+E5JLkcGoup1Xl3jVz6:z/Ps+wsI7yOEJ6/6schu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:8E98F1FD8E32C7E0BF7B6137CA355E6A
                                                                                                                                                                                                                                                                          SHA1:BA2C831FB1EE2F8BDB2E6727162DEC910EF2B3DD
                                                                                                                                                                                                                                                                          SHA-256:97A4EBCA8AE41A1DF5A9790384BF45FC7DCFCF9CE85BF70D904200154D826944
                                                                                                                                                                                                                                                                          SHA-512:6E2066056810AA367F2F340671B2DA4F87DC128DC14501ECC0A54D2FC4542B36BD8C9F1C3614FBF7D2FE4EBDE538208D09AD70521B7EEC7B2738185CA52511FC
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093729955911367
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:QDXzgWPsj/qlGJqIY8GB4x9/SR8hDO6vP6OKu6UKA0sD+E5JLkcGoup1Xl3jVzXH:Q/Ps+wsI7yO9/S6/6pchu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:594669B7CFDEDFDBBDFD7FB1B3371440
                                                                                                                                                                                                                                                                          SHA1:826C490054ABAFA0FEFF78AC4F77F9959ACD0E96
                                                                                                                                                                                                                                                                          SHA-256:337082F1B2646BCDE54114A5D1D566A0ECE4E115EA121FB2D78085E26BFF7B6F
                                                                                                                                                                                                                                                                          SHA-512:328BB73DA53FAF8ECAA71E65E716AA8A02733D6599CD87DE5027DC73DDDDFECA8FF385EB8C7E79FD6260820F6C19495B64B4D9FB235E958C8E01CEEAC8CD0B84
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"84360B7D463700852C0CF4B438B8ED239FCBD0428E7F4DFE8461E7F2FC2FB7D2\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44596
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095882928206105
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBbwuLhDO6vP6OKu6dOARDFqqcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynES6/6Vchu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:1E41D199E92F605275A491F2C00170DA
                                                                                                                                                                                                                                                                          SHA1:2BEED143F448E2D6ACA464ADC69596F9282B52A6
                                                                                                                                                                                                                                                                          SHA-256:266DDFA8D99D517CBDBC45B7D971BF080BF2952C72ED8CA191870D753BADB359
                                                                                                                                                                                                                                                                          SHA-512:8301C2BC990847587CC679F97CA080651E74104F1442B2B1832E31349158C1D2DA6D526AB004C77D9957FCAF7C982A3873A7FECC0EE1870A8FAABBC16DC4A291
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093584688370419
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:bDXzgWPsj/qlGJqIY8GB4x9/SHohDO6vP6OKu6FKA0sD+E5JLkcGoup1Xl3jVzXH:b/Ps+wsI7yO9/Q6/6schu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:212A67D57C6519BD60E50B0C6F0820E3
                                                                                                                                                                                                                                                                          SHA1:677E509931C96C8DD627E40DB245732B288E29FB
                                                                                                                                                                                                                                                                          SHA-256:A14EFFA2DD8B901072EEF5255935108D29B6912A41EAA1F179D92957F722AEA8
                                                                                                                                                                                                                                                                          SHA-512:0416B25514931417FC80F2E3D638F2172DC75F4AFDA738834366A195D58AC6FB40135BF68A5382D1A8321B270440C448CDCFEBD3864CFF5AA2A94B2B2773497A
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090762133039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMfwuF9hDO6vP6O+wtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6xtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:9A65058699F588950B5E344E99348353
                                                                                                                                                                                                                                                                          SHA1:AFCFBE42A695C67A3DDCA9C75D8BD5CA4905963A
                                                                                                                                                                                                                                                                          SHA-256:CD33F4DA1AE5D64AF728FA6AE178250A7843A518CB310A5CF20908C9F8380EC0
                                                                                                                                                                                                                                                                          SHA-512:52FA9A6D2572B6D26F9B5B28A2A57A7B5ED35EC6555F591922486951EE7FA566B5D257209F70EDBA960CDC90839E45FA02BB85DF8F9141C89645A4168D98A874
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):53838
                                                                                                                                                                                                                                                                          Entropy (8bit):6.071813136669956
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:Q/Ps+wsI7yO9/76/6HzswlgQchu3VlXr4CRo4:Q/0+zI7yOR26HzswCnh2lbxd
                                                                                                                                                                                                                                                                          MD5:16D2EB45A39256D542756625BAF5629D
                                                                                                                                                                                                                                                                          SHA1:981688F327E5D129241D46BCD1D7248F64F36B35
                                                                                                                                                                                                                                                                          SHA-256:3974825D43156EB382DE1984F89DC2C48B1A64786D748F9AF6D763904C081F4A
                                                                                                                                                                                                                                                                          SHA-512:AC74E775F4DD552ED84E65CBE3A680170C8174956E8AAF57031D820A8C7F96E18DD2FF8A204DB96FEF132063C5D7BAEAA497F88CEA239EC7F4F73BBAE0416035
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"84360B7D463700852C0CF4B438B8ED239FCBD0428E7F4DFE8461E7F2FC2FB7D2\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):44596
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095882928206105
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBbwuLhDO6vP6OKu6dOARDFqqcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynES6/6Vchu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:1E41D199E92F605275A491F2C00170DA
                                                                                                                                                                                                                                                                          SHA1:2BEED143F448E2D6ACA464ADC69596F9282B52A6
                                                                                                                                                                                                                                                                          SHA-256:266DDFA8D99D517CBDBC45B7D971BF080BF2952C72ED8CA191870D753BADB359
                                                                                                                                                                                                                                                                          SHA-512:8301C2BC990847587CC679F97CA080651E74104F1442B2B1832E31349158C1D2DA6D526AB004C77D9957FCAF7C982A3873A7FECC0EE1870A8FAABBC16DC4A291
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):53838
                                                                                                                                                                                                                                                                          Entropy (8bit):6.071813136669956
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:Q/Ps+wsI7yO9/76/6HzswlgQchu3VlXr4CRo4:Q/0+zI7yOR26HzswCnh2lbxd
                                                                                                                                                                                                                                                                          MD5:16D2EB45A39256D542756625BAF5629D
                                                                                                                                                                                                                                                                          SHA1:981688F327E5D129241D46BCD1D7248F64F36B35
                                                                                                                                                                                                                                                                          SHA-256:3974825D43156EB382DE1984F89DC2C48B1A64786D748F9AF6D763904C081F4A
                                                                                                                                                                                                                                                                          SHA-512:AC74E775F4DD552ED84E65CBE3A680170C8174956E8AAF57031D820A8C7F96E18DD2FF8A204DB96FEF132063C5D7BAEAA497F88CEA239EC7F4F73BBAE0416035
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"84360B7D463700852C0CF4B438B8ED239FCBD0428E7F4DFE8461E7F2FC2FB7D2\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5234232221747077
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:7UuYpwPLLyrwaH6MCSHy6aH2HEvHv+XzG:7yr7axWe
                                                                                                                                                                                                                                                                          MD5:76B7213B8E5E2A5453D93F178DBB5E44
                                                                                                                                                                                                                                                                          SHA1:CC5EC7E56FFE058968F5002DB1D725475E7BEEF6
                                                                                                                                                                                                                                                                          SHA-256:766F038138F8EC8E0B8038ABF6A9D4DA9B35FB3433D7A5199F85C50E8CB6B93E
                                                                                                                                                                                                                                                                          SHA-512:D45B394C5D748988EE2BA5A59B2CA59CF905E66DE6A2BE044B19DFA700DD3D99326E3E353E2E9FC7C2CB754FC85589D13093CFC11BF0ABDF618C139F65E73F50
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):280
                                                                                                                                                                                                                                                                          Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                          MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                          SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                          SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                          SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24853
                                                                                                                                                                                                                                                                          Entropy (8bit):5.565747998435081
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:HOpyCpjZpr9HpgWP4MpdfX9pe8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/3pwJqpAnb:HOpyCpjZpr9HpgWP4MpdfX9peu1jaW3E
                                                                                                                                                                                                                                                                          MD5:1A1143A2801556B96F3148B640579F84
                                                                                                                                                                                                                                                                          SHA1:442F342A236F87A8060EF17A07E786CC69873648
                                                                                                                                                                                                                                                                          SHA-256:AA41933E53AE5FA1AABE2051F12667061F7DBEE290A4379714C7F734A6A1F909
                                                                                                                                                                                                                                                                          SHA-512:EA4BEE25CD0B757EE9D01CFDC1B04AF69C4B3A4FC2DF9E59FA0A124BBE5CA5A1DBFCEBA5993A4C3F304232F4618652112AF3C2D43154A9242FE6633AB870BDA3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349975925829458","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349975925829458","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13619
                                                                                                                                                                                                                                                                          Entropy (8bit):5.22353817131128
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:stljPGoPSUYunsNQcKVfhPaRZ5zbGfvZ21OKt6WsEZHMaTY4S5T:szOoKd9KVfRQbGw0s8aTYvR
                                                                                                                                                                                                                                                                          MD5:8308EB74A8B7F7828214DED4398D6F38
                                                                                                                                                                                                                                                                          SHA1:5FB51E8BD57CF13B29E2927FD89C8EF1A4B611A4
                                                                                                                                                                                                                                                                          SHA-256:ACAFE98A0CB84D66C0C49BBB85DAC5E1844C96095C8450F598402C8570E584C2
                                                                                                                                                                                                                                                                          SHA-512:DA6CA607B87C77A124A7CAE50199D7B6DB5A081835F6A9219B0DD5742DA4B5A4A67BB4A80FF58FE881248B6DDAC0DDE54056695AE2EC9531A316C46669B7866D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35463
                                                                                                                                                                                                                                                                          Entropy (8bit):5.558327641071698
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349975925829458","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349975925829458","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):12836
                                                                                                                                                                                                                                                                          Entropy (8bit):5.210657569135174
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35446
                                                                                                                                                                                                                                                                          Entropy (8bit):5.5584907717546255
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349975925829458","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349975925829458","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):25185
                                                                                                                                                                                                                                                                          Entropy (8bit):5.5714179395518295
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349975925829458","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349975925829458","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):309
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2689058055105695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HT1X+M1923oH+Tcwtp3hBtB2KLltTzkq2P923oH+Tcwtp3hBWsIFUv:HxOhYebp3dFLv0v4Yebp3eFUv
                                                                                                                                                                                                                                                                          MD5:68D3BC71AA2505114875C07746FEECDD
                                                                                                                                                                                                                                                                          SHA1:5550723897273E8DD04A33DBFB985D31E36A4196
                                                                                                                                                                                                                                                                          SHA-256:240EC40C993A9C24D460ED44F758B0611A6FB2DDF4EB0FF1D6AF9452B6069D16
                                                                                                                                                                                                                                                                          SHA-512:00FC7BA5997AC2FD5F94E069A05FB751062C885A4B988301E9E18BF21927727AE250625E39BEE009E66A74FD69B2006A601253DE7A12CECB6AAFD849F168FDA8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:39:37.334 2ff4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/01/17-15:39:37.358 2ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):2164091
                                                                                                                                                                                                                                                                          Entropy (8bit):5.223255741724147
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:v+/PN8FYfc4vX0xuehuljmFFAypENUmixYmk7bc2f:v+/PN8+f20mmx
                                                                                                                                                                                                                                                                          MD5:9C055F694F8AF65A5D6C636DE94E124B
                                                                                                                                                                                                                                                                          SHA1:BCB2BFAFEBBEEB0CA88BE6446FDDF772666A8F28
                                                                                                                                                                                                                                                                          SHA-256:9BF217E502A51BCA9E48E5C1DC34652965F2E2F9B6D02136BB1DE27B36940727
                                                                                                                                                                                                                                                                          SHA-512:A9D71A0E553D9040FD1A72BAC63352DA5D60626FAF57B151E2CC0911A1CA728A5849981E1E1EF5563396FC71D9ED79C8FC1CA39595EFEB9F43B9BB685637AD09
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                                          Entropy (8bit):5.1383757666767975
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HNyq2P923oH+Tcwt9Eh1tIFUt8+x0Fz1Zmw++fCRkwO923oH+Tcwt9Eh15LJ:Hwv4Yeb9Eh16FUt8+o1/++u5LYeb9Ehx
                                                                                                                                                                                                                                                                          MD5:3E5C1AC26EF9F9A33B9132387AE3D74B
                                                                                                                                                                                                                                                                          SHA1:19E9E8EAD44E7B7A6A1425971AB8B6C031F1DE7A
                                                                                                                                                                                                                                                                          SHA-256:B7E6B64FC74860264D61C8F6A6D337A90A1056EB2105653E560F51C4BFFCAC44
                                                                                                                                                                                                                                                                          SHA-512:BBD10806DE51BD26DD823EB827A9CB41862D9C7BA768953FC338100032EC9037E51A7F6BA8E6F21E32E3B1A3BA7059D0CEE6E6EA174D971029B6B5DEE7C8EE19
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:39:10.448 19e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/01/17-15:39:10.449 19e4 Recovering log #3.2024/01/17-15:39:10.603 19e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zEv/l/:/M/xT02zO/t
                                                                                                                                                                                                                                                                          MD5:77545301DC5499965ECF46EE1DD57D7B
                                                                                                                                                                                                                                                                          SHA1:149FC980E17C7F8222FD1CE4CB7F01FFA6D59C15
                                                                                                                                                                                                                                                                          SHA-256:97EE13C81B9D550C47FFD91DBFDD5F33099065ABAF8DEF3F3EFAA154658AD447
                                                                                                                                                                                                                                                                          SHA-512:6A34787854ECF3061C52E5F71DD3F5B0B9D033EC9303FCFA248803ED3DA7C6A18CA7555D7A72E27C93C8C767C0A7DB0B9DC90B2D7F45EA0B4362BEECA0A65DDC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):761951
                                                                                                                                                                                                                                                                          Entropy (8bit):5.956540608297565
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:p/ZfpcrjVTQll/MQeJyP9pE9XVlvpgUA3jE+Ye1aB+WdCW+Rx3T8CsylGQua:p/lmjVTQXZeJyP9UwTEIa4QCN3hzlR1
                                                                                                                                                                                                                                                                          MD5:D1E0D165980D8EF2528916E25C32B790
                                                                                                                                                                                                                                                                          SHA1:C28E0F402E00C2D8A74BDEFBD79E434A243AEDD3
                                                                                                                                                                                                                                                                          SHA-256:7082E390DD3663E75DA5B99E78E306FB852648ADECA0E9FEE10D662013B3E519
                                                                                                                                                                                                                                                                          SHA-512:F24C8AEC16E1035C4BB3F0E8ABB7FC4087AD8400DBD7632539FFBCF0761F26064E3F7B0A06C9C4AF6B0804E6A8CD69C75B7B0AA321B69A85F2D6790636BDA31F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1q.{.................BLOOM_FILTER:...{"numberOfHashFunctions":8,"shiftBase":10,"bloomFilterArraySize":4520148,"primeBases":[5381,5381,5381,5381],"supportedDomains":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):142
                                                                                                                                                                                                                                                                          Entropy (8bit):5.086903077584169
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:JZ//38E28xp4m3rscUSVQXWnRXkotlf+nETPxpK2x7L/kXuxtRuCfGLxn:TX38D8xSEsIVDnxT+n0PxEWX0stoC6xn
                                                                                                                                                                                                                                                                          MD5:AB550E10F30BBA5CCFBADE7E9A6ADBC1
                                                                                                                                                                                                                                                                          SHA1:A33C1D64392B9F106EDF12F43AB04F3EAE7FD0EE
                                                                                                                                                                                                                                                                          SHA-256:9D4FFA775C1F119E6B9115C827391D460275368F44732EBCDEF6863848D76E10
                                                                                                                                                                                                                                                                          SHA-512:26831C7BAEEC5B4E25FDA72DCC48352B69202AEF812D5B1ADBDE04F6CF05C0C3DB988297EE9AF43B10CB82CFC935460D9DD6C5FF462F4FE5839CFC3297886FBC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.,.U9................BLOOM_FILTER_EXPIRY_TIME:.1705588738.734208.+.XG................BLOOM_FILTER_LAST_MODIFIED:.Wed, 17 Jan 2024 13:19:27 GMT
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):761898
                                                                                                                                                                                                                                                                          Entropy (8bit):5.955482997218464
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:D/ZfpcrfVTyllWMueJyP9pK9FVlcpkUuljE6YeKAB++d2Q+RU3TeCoy2vD9N:D/lmfVTyXGeJyP9ej1E5A4o2m3f32rH
                                                                                                                                                                                                                                                                          MD5:70B9A461E496517BB03236A4AD7A9A54
                                                                                                                                                                                                                                                                          SHA1:8B3CC2CF0D409FFD7339056DFA4140F2F224A7C9
                                                                                                                                                                                                                                                                          SHA-256:AA2F55580F545693006B524E3307AEB62F0F634EC5AE4D27FFE479A32E68E92B
                                                                                                                                                                                                                                                                          SHA-512:5EE270ECEADAC09D2FBF4BF54CEFBF446D6C8B6835821B23E12AF2EEBE7E8B5A25C5227E9200D34A621CFD6FD89926F8F041D2FA77C5F3E329AAEF1DAEE70E31
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.....BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":10,"bloomFilterArraySize":4520148,"primeBases":[5381,5381,5381,5381],"supportedDomains":"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
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                                                                                          Entropy (8bit):5.293889484496453
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:HiL+v4Yebn9GFUt8+2/++tV5LYebn95Z9ttLW6f0vtL/If/K+tLxmh:94Yeb9ig8LLYeb9z4jFXh
                                                                                                                                                                                                                                                                          MD5:21B19B2CA520B01F3C608D86635B5794
                                                                                                                                                                                                                                                                          SHA1:CEA5AC38CE30098C18720EB5E16EE6FD429211ED
                                                                                                                                                                                                                                                                          SHA-256:B3FF21412AFD83FB6C8A95F679ED16BCD765085493F931EBF7BF2DD160288BC2
                                                                                                                                                                                                                                                                          SHA-512:7E5290B3973D9919B1D60120B1BE22B5DA85C690A0EC4DE52C1990757B1B43C1C7E82D70F0FDBEB568C7E168E0FEAE7B163CF70E16CF476A3004CF7B18977A6A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.844 31dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/01/17-15:38:45.846 31dc Recovering log #3.2024/01/17-15:38:45.847 31dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/01/17-15:38:58.811 268c Level-0 table #5: started.2024/01/17-15:38:58.906 268c Level-0 table #5: 761898 bytes OK.2024/01/17-15:38:58.912 268c Delete type=0 #3.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                                                                                          Entropy (8bit):5.293889484496453
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:HiL+v4Yebn9GFUt8+2/++tV5LYebn95Z9ttLW6f0vtL/If/K+tLxmh:94Yeb9ig8LLYeb9z4jFXh
                                                                                                                                                                                                                                                                          MD5:21B19B2CA520B01F3C608D86635B5794
                                                                                                                                                                                                                                                                          SHA1:CEA5AC38CE30098C18720EB5E16EE6FD429211ED
                                                                                                                                                                                                                                                                          SHA-256:B3FF21412AFD83FB6C8A95F679ED16BCD765085493F931EBF7BF2DD160288BC2
                                                                                                                                                                                                                                                                          SHA-512:7E5290B3973D9919B1D60120B1BE22B5DA85C690A0EC4DE52C1990757B1B43C1C7E82D70F0FDBEB568C7E168E0FEAE7B163CF70E16CF476A3004CF7B18977A6A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.844 31dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/01/17-15:38:45.846 31dc Recovering log #3.2024/01/17-15:38:45.847 31dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/01/17-15:38:58.811 268c Level-0 table #5: started.2024/01/17-15:38:58.906 268c Level-0 table #5: 761898 bytes OK.2024/01/17-15:38:58.912 268c Delete type=0 #3.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):103
                                                                                                                                                                                                                                                                          Entropy (8bit):5.267898014713841
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVj/wIuThinKqoPxFxN3erkEtl:scoBY7j/wZQuPxFDkHl
                                                                                                                                                                                                                                                                          MD5:203000AD70257E34A574B226A00C2640
                                                                                                                                                                                                                                                                          SHA1:91D2A64105B8194DFAE943028E4F53D565004EC7
                                                                                                                                                                                                                                                                          SHA-256:EDBB0AAC8F6DEC2619AEFECED91311902157D166E2464363215492888549B6D9
                                                                                                                                                                                                                                                                          SHA-512:F78C6A3573A0E80DB3EFECC1356C5804FB1A08609F83C99CA5A087507E3EAF3AD85BE6D46B84931171092E9D7A852713358C06DEDFF5B9BF686436BC86991E42
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......^.U.7.................BLOOM_FILTER:.........DB_VERSION........
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):392647
                                                                                                                                                                                                                                                                          Entropy (8bit):5.409500263416639
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:Wz/imSpx6WLPS+KWFHu5MURafq49QxxEnyEndBuHltBfdK5WNbsVEtiPqCfXtLPb:Wc6Mxq49mEndBuHltBfdK5WNbsVEtiPX
                                                                                                                                                                                                                                                                          MD5:951807CC3AD4E1C9C8FAF3224DBC5FF4
                                                                                                                                                                                                                                                                          SHA1:3FB789CBDA2E2B5314016C31FB33CEDD1639D310
                                                                                                                                                                                                                                                                          SHA-256:6CB1289FC0F900130C1BC68D0F8F52CC0A400F0A9C70E0FE42D1189E8D5D7E8D
                                                                                                                                                                                                                                                                          SHA-512:86EFBFEB39F54975F1E5F9348C8A24423532CCF584288434828C8D4A6BCA995106AAE437487E51732410CA58571AD571F3C2A23749BFBFAEE141E7E34B82691B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1...................&QUERY_TIMESTAMP:domains_config_gz2.*.*.13349975951086558..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=ODCnll3A%2Fpr7IBDaNsDR2zA%2FOssZl6xdmLkM6vzzbZ0%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-03-31T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":75},"hash":"EwG2gkfquexLj6u3yjHyiL4YQwdU318k1Hub+1rSDMI=","size":391864}].....}...............ASSET_VERSION:domains_config_gz.2.8.75..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):311
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2007753711843
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HBIAERM1923oH+Tcwtk2WwnvB2KLltVkTHMq2P923oH+Tcwtk2WwnvIFUv:H7ERhYebkxwnvFLvHv4YebkxwnQFUv
                                                                                                                                                                                                                                                                          MD5:4502E8F3B66E8E93BAF5FD7633B9B28A
                                                                                                                                                                                                                                                                          SHA1:61DB94B2F55ACB98B57D2F9955878EA42EF31551
                                                                                                                                                                                                                                                                          SHA-256:73C9B9B33CCBAFEBC0FE39210783C7786A2B14DDEF75ACDD16812F3F5DA61C48
                                                                                                                                                                                                                                                                          SHA-512:644636FB0D4415FD4976ABB3D7700FA928B1C239F4F42EBED92BF2BD766123C6E9ECA5B29D586E17656B09282A9A0224888E8704FCA991F3B0DBD02D59729D52
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:39:10.421 26b4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/01/17-15:39:10.556 26b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):374810
                                                                                                                                                                                                                                                                          Entropy (8bit):5.396158681461455
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:dWLgimLVvUrsc6rRA81b/18jyJNjfvrfM6RN:cLBgAg1zfvl
                                                                                                                                                                                                                                                                          MD5:6233424BDB1C348B426475A4BD1BC61E
                                                                                                                                                                                                                                                                          SHA1:3BD8629C839306675DBFD056DA36F7D29244B5DF
                                                                                                                                                                                                                                                                          SHA-256:AF183B760A78B8A848A55016090850763C445585ACAF011BED27ECA77ED59A05
                                                                                                                                                                                                                                                                          SHA-512:152FDAC428F05D274C4946132111A8B75F60936528F7C6A5B2F73EF7FA1C29DF38FEE6721523D350331A8819CB6DC320BE4E6E4AA1AD2AAC9EA68CE9604B256D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                          MD5:9FE07A071FDA31327FA322B32FCA0B7E
                                                                                                                                                                                                                                                                          SHA1:A3E0BAE8853A163C9BB55F68616C795AAAF462E8
                                                                                                                                                                                                                                                                          SHA-256:E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
                                                                                                                                                                                                                                                                          SHA-512:9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.231139757113622
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Hbi+q2P923oH+Tcwt8aPrqIFUt8+YxAWZmw++YJVkwO923oH+Tcwt8amLJ:Hbi+v4YebL3FUt8+YxAW/++YJV5LYebc
                                                                                                                                                                                                                                                                          MD5:35BA85D871CFE746D7D3AEDE59BFFD80
                                                                                                                                                                                                                                                                          SHA1:4FFC938A6587A398058DBCE2E1525DF19FBB8BDC
                                                                                                                                                                                                                                                                          SHA-256:4DD44E0CA4BB6B45528672AEF55ACFF46EF44247F4AA3FD3C443B812AD16B404
                                                                                                                                                                                                                                                                          SHA-512:A2B2C38678FC8D321F4C663392FCC1D17E917F2DC6E02D47134D5EB0B0133BC4A07593F9B58EDD711309488EF158B26AB34A529C22F80295625AC69B9E5AE426
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.896 31cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/01/17-15:38:45.906 31cc Recovering log #3.2024/01/17-15:38:45.924 31cc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):380
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                          MD5:9FE07A071FDA31327FA322B32FCA0B7E
                                                                                                                                                                                                                                                                          SHA1:A3E0BAE8853A163C9BB55F68616C795AAAF462E8
                                                                                                                                                                                                                                                                          SHA-256:E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
                                                                                                                                                                                                                                                                          SHA-512:9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                          Entropy (8bit):5.230658403974353
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HYqUB+q2P923oH+Tcwt865IFUt8++KXWZmw++xtVkwO923oH+Tcwt86+ULJ:HYqUB+v4Yeb/WFUt8++GW/++jV5LYebD
                                                                                                                                                                                                                                                                          MD5:C1FA36226A30B17CA9E28C7FA068A4C3
                                                                                                                                                                                                                                                                          SHA1:733239FC787397C7D2D8F96E8387CBC3B88009F1
                                                                                                                                                                                                                                                                          SHA-256:317778914B13E5D15FF4C938E54BBF986C1D687892D518C966B1D7A4BC6BCCED
                                                                                                                                                                                                                                                                          SHA-512:4A31C9652C55EDB379097EDE9A0C03A0D194146F40E63B02FE2E654BA2AB3D4C8633DAEFD05B26AE55A265295DF49821FDB5053AAD0500D2A8D518E9D79D9CD6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.986 31cc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/01/17-15:38:46.075 31cc Recovering log #3.2024/01/17-15:38:46.085 31cc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1140
                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                          MD5:914FD8DC5F9A741C6947E1AB12A9D113
                                                                                                                                                                                                                                                                          SHA1:6529EFE14E7B0BEA47D78B147243096408CDAAE4
                                                                                                                                                                                                                                                                          SHA-256:8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
                                                                                                                                                                                                                                                                          SHA-512:2862BF83C061414EFA2AC035FFC25BA9C4ED523B430FDEEED4974F55D4450A62766C2E799D0ACDB8269210078547048ACAABFD78EDE6AB91133E30F6B5EBFFBD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.186527969569466
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:H8u0q2P923oH+Tcwt8NIFUt8+6OZmw++YkwO923oH+Tcwt8+eLJ:HN0v4YebpFUt8+6O/++Y5LYebqJ
                                                                                                                                                                                                                                                                          MD5:50E7C712FB9F8EC5C78926549C3E9F89
                                                                                                                                                                                                                                                                          SHA1:90427A6CEE7532B5CF91BF43E278124631BB503F
                                                                                                                                                                                                                                                                          SHA-256:433286763BB74939B7D01F2363C13AE70298C1CC50CE03903F48187ACFA92405
                                                                                                                                                                                                                                                                          SHA-512:1E8606A62A927C36BF6D374E0214F20F6AF3B1F56C966233A6FCDAF657C4693BDF8AA945E39E33752C1B4A93D915A0C232825AAE53393C5457FF3B38EC6CE6A4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:47.403 1884 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/01/17-15:38:47.405 1884 Recovering log #3.2024/01/17-15:38:47.406 1884 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):3.369036285805976
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:0BCyAlTJ7d9HeWFwqlelS9nsH4/AztcFvuuoKw0lTJ7dNHjaWFE:mNoTJ7d0WFwqJsHXzC1Po1ATJ7d4WFE
                                                                                                                                                                                                                                                                          MD5:92D9875BA255823948CCDDA4AFD15F52
                                                                                                                                                                                                                                                                          SHA1:0194F2D37D6170B74D282D154A9F02D6A75BA8E9
                                                                                                                                                                                                                                                                          SHA-256:B7662B7B2C0ECA4C309E0897559BF48054277375655C50F294695557301A4976
                                                                                                                                                                                                                                                                          SHA-512:297A4A6CBB53FF1735C88D281BB5CE22DDD1DF65B81BD20E2B2361947F6245520184AB59031188903FB54FBD1E873B1AC7D55BDE8AB8D506CC29D1FD6E9ADB77
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zEs63/l/:/M/xT02zo/t
                                                                                                                                                                                                                                                                          MD5:D1AE3BB657BFAB2A8C07943129F4EBE0
                                                                                                                                                                                                                                                                          SHA1:A742E181008FBE16FF30FE0CF2F62EDA5270CF19
                                                                                                                                                                                                                                                                          SHA-256:47C653F4C75D740F999A5303AC65F8E9E90D01EB8AEEFD7DDD87687711F1970C
                                                                                                                                                                                                                                                                          SHA-512:D76E6BF20D35AB0B71382A8D1126F3F37DB30510402FA68519A719F5339627FF4A1A1E913F3D35A7FF95B384CC172D18F467768443E5066A1D5F576BA9FAC5EE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                          Entropy (8bit):0.9261689364924411
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:6A7AeAYAdAIAnAhADAGA5A1+oiMBBEA7ASA7ALr:rEftC9AWcXediEEzEX
                                                                                                                                                                                                                                                                          MD5:D333E149BDE8EBBEC50538C31F9A3152
                                                                                                                                                                                                                                                                          SHA1:D7CB8FD8DB10D2647083956F73321A58707402A8
                                                                                                                                                                                                                                                                          SHA-256:EAB8252382619BDD277E585D40EC36E4176846433E40F0B57CE382BF65DD0FB5
                                                                                                                                                                                                                                                                          SHA-512:F49B41EC6BB93917E30DF85B4B8D0FDD44964D4F7A144E4C4B6D6D4CFD0ECAC9EC4620E0F7802A7E61B3D652651C64BF21A7EB0649D547B9B9FEFF508B5D2529
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9191745569751775
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:jj9P0M9QkQerkjlxP/KbtLcNhkCgam6IFRKToaAF773pLG:jdbe2mlxP/NN+F1RKcJ78
                                                                                                                                                                                                                                                                          MD5:12B4A9E8D31E4F8760CB069D0E1458B5
                                                                                                                                                                                                                                                                          SHA1:C443527D050318AC5BC19E04908E979579468F40
                                                                                                                                                                                                                                                                          SHA-256:F1ADD781C042608C43B9946D2BD386772520710DFD28EDEEA8D76A19C080BD70
                                                                                                                                                                                                                                                                          SHA-512:582123C68D287CAF410CF05F1B9EB9F2A4F8BA574B2C875EC6EDCC17AC2FC4045680360295727F23C291798A6D20074BE821B5F17EB37B987B73A5D3093E6027
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):408
                                                                                                                                                                                                                                                                          Entropy (8bit):5.302094219672753
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:Hoav4Yeb8rcHEZrELFUt8+m/++lP5LYeb8rcHEZrEZSJ:Ig4Yeb8nZrExg8RLYeb8nZrEZe
                                                                                                                                                                                                                                                                          MD5:9012CEBBA34776A14E25599BA53DA2C6
                                                                                                                                                                                                                                                                          SHA1:84369712429080344F1A12FFFD787B50CB02D437
                                                                                                                                                                                                                                                                          SHA-256:483800AAE62C94D12203110D10B21AED9307C163EC38C6D5ECE6C99D8F5C8D9E
                                                                                                                                                                                                                                                                          SHA-512:DBDD57C472B472D2DC90177CDFD7D91F846C699B6C13F1107039908603CB69E163FEEB8921B43D491EF9BB16FEA9DF5505DBFD90B6D3B6F9E278511CA5316992
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:55.353 1884 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/01/17-15:38:55.355 1884 Recovering log #3.2024/01/17-15:38:55.356 1884 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):408
                                                                                                                                                                                                                                                                          Entropy (8bit):5.302094219672753
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:Hoav4Yeb8rcHEZrELFUt8+m/++lP5LYeb8rcHEZrEZSJ:Ig4Yeb8nZrExg8RLYeb8nZrEZe
                                                                                                                                                                                                                                                                          MD5:9012CEBBA34776A14E25599BA53DA2C6
                                                                                                                                                                                                                                                                          SHA1:84369712429080344F1A12FFFD787B50CB02D437
                                                                                                                                                                                                                                                                          SHA-256:483800AAE62C94D12203110D10B21AED9307C163EC38C6D5ECE6C99D8F5C8D9E
                                                                                                                                                                                                                                                                          SHA-512:DBDD57C472B472D2DC90177CDFD7D91F846C699B6C13F1107039908603CB69E163FEEB8921B43D491EF9BB16FEA9DF5505DBFD90B6D3B6F9E278511CA5316992
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:55.353 1884 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/01/17-15:38:55.355 1884 Recovering log #3.2024/01/17-15:38:55.356 1884 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):333
                                                                                                                                                                                                                                                                          Entropy (8bit):5.204482791043382
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Hnq2P923oH+Tcwt8a2jMGIFUt8+wZmw++QzkwO923oH+Tcwt8a2jMmLJ:Hnv4Yeb8EFUt8+w/++Qz5LYeb8bJ
                                                                                                                                                                                                                                                                          MD5:524C3A7F9F70AF3E4366FDC39560B73C
                                                                                                                                                                                                                                                                          SHA1:15E3B9E9B3562A63F0A5416CC7723E1DA42AB073
                                                                                                                                                                                                                                                                          SHA-256:16266353A8B84765B7B22B400AD2D52573BEB694F4BF2CB074F85722C5061701
                                                                                                                                                                                                                                                                          SHA-512:FC73C95F017EBCBDBE1736CEAF42459F3558E3CA5BA9B62B3F1F8F4C29591574C4DEA8DACB614882CF191C606B20603F20A1C50CFAE025756E37B5A3635C8232
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:46.802 864 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/01/17-15:38:46.804 864 Recovering log #3.2024/01/17-15:38:46.817 864 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24576
                                                                                                                                                                                                                                                                          Entropy (8bit):0.40279358311662466
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IiZdM:TxKX0wxORAmA/U1cEB5IiZdM
                                                                                                                                                                                                                                                                          MD5:50885AECCF5EE89FE75E9856247729B7
                                                                                                                                                                                                                                                                          SHA1:169AEF822E9B3A444165AC519492C42470773288
                                                                                                                                                                                                                                                                          SHA-256:BC7F1887DFA84DA64FD0E5673DED699A9C97B142ACD3A210A6D6C85A3A0D8274
                                                                                                                                                                                                                                                                          SHA-512:18D53D3AC484004A115CA1238508B731B3CE091200A6CEC132D576B654907BD2715D8DF40DE209385166AAE624EFDE34608A50656995BBF1213A698E75457556
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):188
                                                                                                                                                                                                                                                                          Entropy (8bit):5.291251584278446
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWRAWNjObed0XoPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqnQK6fQ:YWyWNKyd0XoBv31dB8wXwlmUUAnIMp5L
                                                                                                                                                                                                                                                                          MD5:69A8555CC3860B6A7CEDA0767C29DEC2
                                                                                                                                                                                                                                                                          SHA1:6EB0FBD4AC625D77A8459C75D296C164AAFCA4E2
                                                                                                                                                                                                                                                                          SHA-256:748A07122A73C71D576FDEF5828CF69255A113D580BC9B2EE7B2D6EF0CC6B5B4
                                                                                                                                                                                                                                                                          SHA-512:3A08D4A01F0CBCF88379BA58484D0CF2E85CA567EE126E6DBFE004B069D05DF86DA6E36C662015F768E63C2E6678F66D7BDDE19CCB8FDC3D0EBEE2DC4B705476
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sts":[{"expiry":1737038395.818827,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1705502395.818833}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2767
                                                                                                                                                                                                                                                                          Entropy (8bit):5.315315625406932
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YcleeBgCzsUtszfcKsSW4kBRsugsvr+HVsW+HRs8esg3Hl+cs3+HJbxo+:FkeBTIe4kBRL4R4OT3l+74JVo+
                                                                                                                                                                                                                                                                          MD5:3876707991C592BF1AEBC445B5BD95F5
                                                                                                                                                                                                                                                                          SHA1:E76DAA4C75620145614544E6277B48AF9EB379BA
                                                                                                                                                                                                                                                                          SHA-256:EB0C3856DF3831CE019E8DF78300D5875548C54084B81499A67BB64959CEEA92
                                                                                                                                                                                                                                                                          SHA-512:EE621FF2FA5914F7AF673298A7B1FC467A4E1CAB9F6AC34C89EEB0FF435C5EB968C563A8EE9FFFFE5D8B84CD08BEA153F4DE30AEC1A83E22D628ED80455C9AF0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567927842895","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567935991911","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567941035508","port":443,"protocol_str":"quic"}],"anonymizatio
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.9812117838146012
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TL6dnKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfBgha569tVf1/EWsFyG:T2dKLopF+SawLUO1Xj8ByaAzVNZsFyG
                                                                                                                                                                                                                                                                          MD5:1F0A1958450B380A59FF2DCBFB817264
                                                                                                                                                                                                                                                                          SHA1:F545E908BA8AD096CF964AC90748CD5005212E1C
                                                                                                                                                                                                                                                                          SHA-256:3AA8B420D1D955D0828FB3A4E33A7ACA624673EF6D6123CF2CFCFF9546BA55BE
                                                                                                                                                                                                                                                                          SHA-512:F3C7C8CD5E3956EBCBAD487CCAE3E4F9AD97A29534C47B97F3D73CA9E52E960363ECC29BC45ECFC11819CD1DEB6DCF95A0B19B44B50676F0F12F0F67C5383E70
                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2767
                                                                                                                                                                                                                                                                          Entropy (8bit):5.315315625406932
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YcleeBgCzsUtszfcKsSW4kBRsugsvr+HVsW+HRs8esg3Hl+cs3+HJbxo+:FkeBTIe4kBRL4R4OT3l+74JVo+
                                                                                                                                                                                                                                                                          MD5:3876707991C592BF1AEBC445B5BD95F5
                                                                                                                                                                                                                                                                          SHA1:E76DAA4C75620145614544E6277B48AF9EB379BA
                                                                                                                                                                                                                                                                          SHA-256:EB0C3856DF3831CE019E8DF78300D5875548C54084B81499A67BB64959CEEA92
                                                                                                                                                                                                                                                                          SHA-512:EE621FF2FA5914F7AF673298A7B1FC467A4E1CAB9F6AC34C89EEB0FF435C5EB968C563A8EE9FFFFE5D8B84CD08BEA153F4DE30AEC1A83E22D628ED80455C9AF0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567927842895","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567935991911","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352567941035508","port":443,"protocol_str":"quic"}],"anonymizatio
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                          Entropy (8bit):1.3296587036978935
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:JkIEumQv8m1ccnvS6+o2dQB2YQ9UZw1cRVkc:+IEumQv8m1ccnvS652A2rUZwGx
                                                                                                                                                                                                                                                                          MD5:6450B8CE94CE7027919923B10A261C6C
                                                                                                                                                                                                                                                                          SHA1:7EE4E221E74837F17EC8A2B71915029C3815D086
                                                                                                                                                                                                                                                                          SHA-256:74F79135D80DC14F7110BED186D99A2BD6B6029DD4CFA928E07AB95375BBA4DE
                                                                                                                                                                                                                                                                          SHA-512:B69DDB347A884947C58419B2A706282833E0AC48266D55BFC9F1939C694265A63BE203E3F5BB0BDA556955B2EFBCBCC4C3DBC27140DD8C75CD6BF2C3A38E6FFF
                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):188
                                                                                                                                                                                                                                                                          Entropy (8bit):5.335420533873116
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWRAWNjOQCJDBPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqnQ4sFVw:YWyWNKQCXBv31dB8wXwlmUUAnIMp5Q4F
                                                                                                                                                                                                                                                                          MD5:7AE6D43D262B6471F2DF4CD5CFA16909
                                                                                                                                                                                                                                                                          SHA1:9BD2AE8A4CB36D19B1D40D9607CF07A8D0AA952B
                                                                                                                                                                                                                                                                          SHA-256:66D827EDC5C536473ADF2D28FF47E14125740C1009D668CC179C9F12D26A2063
                                                                                                                                                                                                                                                                          SHA-512:9DA37C035467C89EF9E6ABA2CF3A50912C06ADDA50068EB0104DC34B43FC6B5215EF7391016092029D1154199EE335AC1F6E84A2D9614440ADAEF3E9AE131F25
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sts":[{"expiry":1737038328.626915,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1705502328.626919}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):188
                                                                                                                                                                                                                                                                          Entropy (8bit):5.335420533873116
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWRAWNjOQCJDBPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqnQ4sFVw:YWyWNKQCXBv31dB8wXwlmUUAnIMp5Q4F
                                                                                                                                                                                                                                                                          MD5:7AE6D43D262B6471F2DF4CD5CFA16909
                                                                                                                                                                                                                                                                          SHA1:9BD2AE8A4CB36D19B1D40D9607CF07A8D0AA952B
                                                                                                                                                                                                                                                                          SHA-256:66D827EDC5C536473ADF2D28FF47E14125740C1009D668CC179C9F12D26A2063
                                                                                                                                                                                                                                                                          SHA-512:9DA37C035467C89EF9E6ABA2CF3A50912C06ADDA50068EB0104DC34B43FC6B5215EF7391016092029D1154199EE335AC1F6E84A2D9614440ADAEF3E9AE131F25
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sts":[{"expiry":1737038328.626915,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1705502328.626919}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):188
                                                                                                                                                                                                                                                                          Entropy (8bit):5.331182600457533
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWRAWNjOWnSIQJHNK8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqn9:YWyWNKWnSI2Y8Bv31dB8wXwlmUUAnIM1
                                                                                                                                                                                                                                                                          MD5:3D24601498407FD6E96561F9A36762F4
                                                                                                                                                                                                                                                                          SHA1:7568591B3483AE7854683574D9FF4153DCC2C2CC
                                                                                                                                                                                                                                                                          SHA-256:19A4A1854D104E58A72BCF0574181F89D75AD7EFF8C98C205AF6F6A97396358F
                                                                                                                                                                                                                                                                          SHA-512:E4D2D2936E64D8D82217CBC6AB7E1F40BDE57508A1200DA6DF6EFA7FEF98FC4B490C2F0691F20FAE99B92D5B0CCC406C99B8421CA9EC8F96D7CFE24BB3CAF7D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sts":[{"expiry":1737038342.627585,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1705502342.627589}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):187
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2963322769911
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWRAWNjOXJ3JYWTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqnQzi+:YWyWNKNJXBv31dB8wXwlmUUAnIMp5Q3/
                                                                                                                                                                                                                                                                          MD5:5224ADA31D5E3C1B7795919D16C6A10D
                                                                                                                                                                                                                                                                          SHA1:FB93AF512E44AE50A3C54DE6443E537DC30D38F4
                                                                                                                                                                                                                                                                          SHA-256:1D9CB48F0139CFD6F1D8347C0B6E6F6C1DFC896990540DD1D7E3D0B0B3DED921
                                                                                                                                                                                                                                                                          SHA-512:52D3CAA731992806DB16CC28D9E9DC0DC8D6FDF1EBC3F59645E01AC6DF06F4DE76DD90B1F4CC95C7C49FF6E85CBDE72EE5BD623539E5B11D89603957840BED8A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sts":[{"expiry":1737038358.34434,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1705502358.344345}],"version":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9263
                                                                                                                                                                                                                                                                          Entropy (8bit):5.101875092636061
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stltkdSunsmpVsZihnkeRj3o8wLbV+FiA66W2HMaFIMY4SwPUYJ:stltLunswVfhHR6LbGix6W2HMaTY4SY
                                                                                                                                                                                                                                                                          MD5:C50761D8F7C9DB9D3A089E36007A58B9
                                                                                                                                                                                                                                                                          SHA1:E56433E3B8BAA1296041DA407B1AA245E9731ED2
                                                                                                                                                                                                                                                                          SHA-256:F30B84297F5DE60502E0439562739104356E34094839F77238EF9D1AD495BD46
                                                                                                                                                                                                                                                                          SHA-512:00F1F72D9E3C7BDFC6D9A4EA1FF959C13F5E08F927B066B0D4E9E50BF8E11868F91F2D55F3903E329FF3AAB6AF680463DDE475E593B21BDF9D2B7BDFECC4154C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9263
                                                                                                                                                                                                                                                                          Entropy (8bit):5.101875092636061
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stltkdSunsmpVsZihnkeRj3o8wLbV+FiA66W2HMaFIMY4SwPUYJ:stltLunswVfhHR6LbGix6W2HMaTY4SY
                                                                                                                                                                                                                                                                          MD5:C50761D8F7C9DB9D3A089E36007A58B9
                                                                                                                                                                                                                                                                          SHA1:E56433E3B8BAA1296041DA407B1AA245E9731ED2
                                                                                                                                                                                                                                                                          SHA-256:F30B84297F5DE60502E0439562739104356E34094839F77238EF9D1AD495BD46
                                                                                                                                                                                                                                                                          SHA-512:00F1F72D9E3C7BDFC6D9A4EA1FF959C13F5E08F927B066B0D4E9E50BF8E11868F91F2D55F3903E329FF3AAB6AF680463DDE475E593B21BDF9D2B7BDFECC4154C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24853
                                                                                                                                                                                                                                                                          Entropy (8bit):5.565747998435081
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:HOpyCpjZpr9HpgWP4MpdfX9pe8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/3pwJqpAnb:HOpyCpjZpr9HpgWP4MpdfX9peu1jaW3E
                                                                                                                                                                                                                                                                          MD5:1A1143A2801556B96F3148B640579F84
                                                                                                                                                                                                                                                                          SHA1:442F342A236F87A8060EF17A07E786CC69873648
                                                                                                                                                                                                                                                                          SHA-256:AA41933E53AE5FA1AABE2051F12667061F7DBEE290A4379714C7F734A6A1F909
                                                                                                                                                                                                                                                                          SHA-512:EA4BEE25CD0B757EE9D01CFDC1B04AF69C4B3A4FC2DF9E59FA0A124BBE5CA5A1DBFCEBA5993A4C3F304232F4618652112AF3C2D43154A9242FE6633AB870BDA3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349975925829458","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349975925829458","location":5,"ma
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1435
                                                                                                                                                                                                                                                                          Entropy (8bit):5.174598820878416
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Ra0ZZZZTUrtwSANCrtw3G0Xk8k8k8uAxmk81yxmVG3C5H8pF5iX5H8pFYG1lmsl2:tZZZZTwANK0DP395i2jvm4c5Yjh7vNG
                                                                                                                                                                                                                                                                          MD5:FEE7B38B3F73D21B28ECC2717E157CBE
                                                                                                                                                                                                                                                                          SHA1:0D537B0D951A53BDAC1DD64130D8DD06B3A148DE
                                                                                                                                                                                                                                                                          SHA-256:0DFEFF3774270802954B2745B4E516F0A1954674A776D33ADFCBA0356035A4BC
                                                                                                                                                                                                                                                                          SHA-512:E73737F5576AA54D49A58C1940BEF457427900EAA2A45FFD0F33F2EC03E88204B3B999EA44766AAC178F5B5267A97A78D0F118DEC15A762BC079DCC317B2579B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................*.j................next-map-id.1.Knamespace-620e5413_4cfc_4a56_bb0a_3a4495c8c202-https://accounts.google.com/.0....k................next-map-id.2.Lnamespace-620e5413_4cfc_4a56_bb0a_3a4495c8c202-https://accounts.youtube.com/.1. .................. .................. .................. ....................ej................next-map-id.3.Knamespace-8a53fa7e_4d2c_4388_a4c6_38bb34768f6b-https://accounts.google.com/.2G}+.k................next-map-id.4.Lnamespace-8a53fa7e_4d2c_4388_a4c6_38bb34768f6b-https://accounts.youtube.com/.3....j................next-map-id.5.Knamespace-8f21554f_981e_42da_834f_67f10fabf8ab-https://accounts.google.com/.4..!uk................next-map-id.6.Lnamespace-8f21554f_981e_42da_834f_67f10fabf8ab-https://accounts.youtube.com/.5T.Do.................Q.................Knamespace-8f21554f_981e_42da_834f_67f10fabf8ab-https://accounts.go
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.177912025312685
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HBNyq2P923oH+TcwtrQMxIFUt8+U1Zmw++qRkwO923oH+TcwtrQMFLJ:HBwv4YebCFUt8+U1/++O5LYebtJ
                                                                                                                                                                                                                                                                          MD5:532625724778B054D861DDFEE26B19E2
                                                                                                                                                                                                                                                                          SHA1:1E1D8919D68FC2791B9BDEC99F7BEFDACE00871A
                                                                                                                                                                                                                                                                          SHA-256:CC791DE00B8860644C4F7015868DBCBF7145367C5A8A465428502438389FCDE3
                                                                                                                                                                                                                                                                          SHA-512:D6EB96786F26E7924ECE0CB94081637B64C7D32868BCAEFE5A1BA540C9EB66E1F5423CF12549712A8728F929DD691E0E8F3617F0BBEA6903C7537D4C84893A36
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:46.797 3430 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/01/17-15:38:46.804 3430 Recovering log #3.2024/01/17-15:38:46.813 3430 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):21897
                                                                                                                                                                                                                                                                          Entropy (8bit):4.231826567542321
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:Kh34N1/S1nJirzrzraSC9Zmp5ZZ5k45Uduh9O:UiffeRkFwuS
                                                                                                                                                                                                                                                                          MD5:362D3B6826F802E69F97D95D40B0749B
                                                                                                                                                                                                                                                                          SHA1:300C7974E2F327B938A3DA3D3B5BCAF9937BAE3C
                                                                                                                                                                                                                                                                          SHA-256:AA2C3535D68950885796F0D159275C2BDE47BC94C69976263B864826F385A4A0
                                                                                                                                                                                                                                                                          SHA-512:07EB6924EEC49970DFC2E736D2785B220D17229A0E64E18A8ECE1B3BA423CD438C8C62139368D5B5601E01CE821BA974CBBA64F0824A013E3C7FD6B71DDE753D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SNSS.......v..P...........v..P......"v..P...........v..P.......v..P.......w..P.......w..P....!..w..P...............................v..Pw..P1..,...w..P$...620e5413_4cfc_4a56_bb0a_3a4495c8c202...v..P.......w..P....p..........v..P...v..P.......................v..P....................5..0...v..P&...{98952893-68FF-4A5D-A164-705C709ED3DB}.....v..P...........w..P...............w..Po...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.................w..P...............w..Po...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......1
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):14709
                                                                                                                                                                                                                                                                          Entropy (8bit):4.0393450407252836
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:3ycWFF3HIAWF7e8J3sQkU7dG3HwoT7dHeN43ABpiPITx3HCPMTZ3qCrQekHC2:i5S1nJ2+C9Zmpi48UZu7
                                                                                                                                                                                                                                                                          MD5:16C1F5454A960A271EA655740F865523
                                                                                                                                                                                                                                                                          SHA1:B922CB8C2EF1F26C2E9BB233B1844215813498E2
                                                                                                                                                                                                                                                                          SHA-256:18ABCB315C6FC627718C76AB9EEA0D68763E7888490E3110A45126F52C73AB4C
                                                                                                                                                                                                                                                                          SHA-512:B076F8D672ED180D390A087FBB01D14509CEA684B495EE874ADFEB8B0C908002AEEBE98072FC3F219B84C47ECAA2FF05F2402D89C1AF5FC731A4065882DEB737
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SNSS....]..X...z..P........X..m/.....................&...{98952893-68FF-4A5D-A164-705C709ED3DB}.........{..P.........m/........{..Po...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64..........]..X...{..P....K...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp16mtcivffVBBwfkrBYI7wPqEf18tYDFPkxN2uLFY1MCVWIJFHWQx8AFuHw6cfFpkEGa5I85A&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S922877882%3A1705502328987604&theme=glif.....S.i.g.n. .i.n. .-. .G.o.o.g.l.e. .A.c.c.o.u.n.t.s...T...P...!...H...........................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):112
                                                                                                                                                                                                                                                                          Entropy (8bit):4.682168327341034
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:41tt0diERGrEknnrHCtRdRQYQzWCxaG:et084O1nTqQSCxX
                                                                                                                                                                                                                                                                          MD5:C1B2FBA34BC82E137E975A8176BA6486
                                                                                                                                                                                                                                                                          SHA1:C2B72F7332E6838FF0704CA40C8BD6C7C7C0B5AB
                                                                                                                                                                                                                                                                          SHA-256:6D2928FD552EF825354819599C21905466A606A450EC3C6151A09DF4FCA6054E
                                                                                                                                                                                                                                                                          SHA-512:D69C951302CCEA8A6CB81ED3284E93506A04A6E9C8B0B9DB8F6AD215E75A28AF32ED104C833A8C01CCBC4C4A34E8C6065681FD57B5CFAEEF0EDC6261045DF762
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.On.!................database_metadata.1....A............... 4b73253fa4ba145311540a716d94b453.........=...="..=
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):352
                                                                                                                                                                                                                                                                          Entropy (8bit):5.163160168481524
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HyXfq2P923oH+Tcwt7Uh2ghZIFUt8+IZmw++QkwO923oH+Tcwt7Uh2gnLJ:HEfv4YebIhHh2FUt8+I/++Q5LYebIhHd
                                                                                                                                                                                                                                                                          MD5:2F23255C7AE3609A3262D7CD21A0D073
                                                                                                                                                                                                                                                                          SHA1:E58932700D602E5393D80A9517FA32DE88DCB6C8
                                                                                                                                                                                                                                                                          SHA-256:4B39C5D498AD5BFE7C8468FB8FD500ADC288E8C5A34C7AA89F23ECBA810BAE66
                                                                                                                                                                                                                                                                          SHA-512:837B32E2698AFCFFEFA064C29B93676DB17E514A65509FCEA079C6C49EE6C3A5E1ACD9BD89A6BFF2173CC618E70A36A996F56EA609F0C5CB4CD19A91DE43EF2B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.818 25f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/01/17-15:38:45.833 25f0 Recovering log #3.2024/01/17-15:38:45.833 25f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):352
                                                                                                                                                                                                                                                                          Entropy (8bit):5.163160168481524
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HyXfq2P923oH+Tcwt7Uh2ghZIFUt8+IZmw++QkwO923oH+Tcwt7Uh2gnLJ:HEfv4YebIhHh2FUt8+I/++Q5LYebIhHd
                                                                                                                                                                                                                                                                          MD5:2F23255C7AE3609A3262D7CD21A0D073
                                                                                                                                                                                                                                                                          SHA1:E58932700D602E5393D80A9517FA32DE88DCB6C8
                                                                                                                                                                                                                                                                          SHA-256:4B39C5D498AD5BFE7C8468FB8FD500ADC288E8C5A34C7AA89F23ECBA810BAE66
                                                                                                                                                                                                                                                                          SHA-512:837B32E2698AFCFFEFA064C29B93676DB17E514A65509FCEA079C6C49EE6C3A5E1ACD9BD89A6BFF2173CC618E70A36A996F56EA609F0C5CB4CD19A91DE43EF2B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.818 25f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/01/17-15:38:45.833 25f0 Recovering log #3.2024/01/17-15:38:45.833 25f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zECll1k+X:/M/xT02zh5
                                                                                                                                                                                                                                                                          MD5:9CC480F1119EDDAC8A88752DD08D9FE2
                                                                                                                                                                                                                                                                          SHA1:A08C12D4A38F4078493E2EF3E66737CEB0D16F99
                                                                                                                                                                                                                                                                          SHA-256:1D04ADDC5B03CA7A9B7AC5F1B98BF1F46C0085E53E231BF66A450C4E9F7800D1
                                                                                                                                                                                                                                                                          SHA-512:BF1AF0386FDBDD1AEA1C2EB96BB356DC393A5DF67276C93FFD2629D3169441444150DF6A235270C742DC828B0B0673356BB23133FF1DCB7EBD681E15F2E4FB1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):431
                                                                                                                                                                                                                                                                          Entropy (8bit):5.287707576514819
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:H4F+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8+1HZmw++6kwO923oH+TcwtzjqEKjd:H4ov4YebvqBQFUt8+J/++65LYebvqBvJ
                                                                                                                                                                                                                                                                          MD5:C3FD180B0D3B5D0D78EB748AFE5A3778
                                                                                                                                                                                                                                                                          SHA1:48B9DA64A763173EF674C01D4636DED19859DDEE
                                                                                                                                                                                                                                                                          SHA-256:E9D33552AE2C092AD81C610D9D0B67411F9533B3539AB57E8A8B2408FFF0E964
                                                                                                                                                                                                                                                                          SHA-512:261103918ABD204B9CF25AA8D6C74016F367492153919BD498F7DE35270973C8E6C5A23EE33A79752EAF270EF38199682F45F8515D4A10F135529606F1BD8800
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:47.238 864 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/01/17-15:38:47.242 864 Recovering log #3.2024/01/17-15:38:47.289 864 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):431
                                                                                                                                                                                                                                                                          Entropy (8bit):5.287707576514819
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:H4F+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8+1HZmw++6kwO923oH+TcwtzjqEKjd:H4ov4YebvqBQFUt8+J/++65LYebvqBvJ
                                                                                                                                                                                                                                                                          MD5:C3FD180B0D3B5D0D78EB748AFE5A3778
                                                                                                                                                                                                                                                                          SHA1:48B9DA64A763173EF674C01D4636DED19859DDEE
                                                                                                                                                                                                                                                                          SHA-256:E9D33552AE2C092AD81C610D9D0B67411F9533B3539AB57E8A8B2408FFF0E964
                                                                                                                                                                                                                                                                          SHA-512:261103918ABD204B9CF25AA8D6C74016F367492153919BD498F7DE35270973C8E6C5A23EE33A79752EAF270EF38199682F45F8515D4A10F135529606F1BD8800
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:47.238 864 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/01/17-15:38:47.242 864 Recovering log #3.2024/01/17-15:38:47.289 864 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):419
                                                                                                                                                                                                                                                                          Entropy (8bit):5.298871250612558
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HNdOq2P923oH+TcwtzjqEKj0QMxIFUt8+UZZmw++mzkwO923oH+TcwtzjqEKj0Qq:HOv4YebvqBZFUt8+UZ/++u5LYebvqBaJ
                                                                                                                                                                                                                                                                          MD5:02C2A6640D9DE7B923B4E9E4AC023520
                                                                                                                                                                                                                                                                          SHA1:601F34CBCBE92C2890ADF35BD225ABB96D2F8FCD
                                                                                                                                                                                                                                                                          SHA-256:8A3E649EE45272665CE9284B15543208E2C6D097990F9A9FD8CBFA3B5F80DB4E
                                                                                                                                                                                                                                                                          SHA-512:52AA7789C8CEE0E3DEF10E09FA7131D9D605911FF85EAE897D11B6C81C39983DB2E6E0D3BBF33C31C659FA68607E243D1AE2D070E3C7EDCF28F466AA3EE0FE8D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:39:09.577 864 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/01/17-15:39:09.581 864 Recovering log #3.2024/01/17-15:39:09.587 864 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                                          Entropy (8bit):5.233156260272782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HyXBM+q2P923oH+TcwtpIFUt8+p+XZmw++yxOMMVkwO923oH+Tcwta/WLJ:HEBM+v4YebmFUt8+p+X/++iMV5LYebaQ
                                                                                                                                                                                                                                                                          MD5:2FF58DC168CB95C923571DDC58F6E991
                                                                                                                                                                                                                                                                          SHA1:F7AF09671DE28D9F3F9099427A2D24BDF82B9DAA
                                                                                                                                                                                                                                                                          SHA-256:F49364297CE886A5443779A181DBA2FBC29B749B0AFBEBCD17D065AC6A511E27
                                                                                                                                                                                                                                                                          SHA-512:DFB79E12E8CE20619DF241B78484AA8F1DA77EE81F69744D306C439B618290364262D28D820D5F8653F4EB1A6B279E7F334E2143B6939979F25F7992DF9C4F4C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:45.818 2ffc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/01/17-15:38:45.828 2ffc Recovering log #3.2024/01/17-15:38:45.829 2ffc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):131072
                                                                                                                                                                                                                                                                          Entropy (8bit):0.011097911732131389
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ImtVdNRR1b/IbR7/lCy61nO2NvPCjFsF8SAl1G2WfB/t:IiV1jI+y6hZtCjFsilAxfp
                                                                                                                                                                                                                                                                          MD5:69CF3EC7803714A6325052EC92488D7C
                                                                                                                                                                                                                                                                          SHA1:D8CE453DDBE644BF16731C21A8B6A667B7F1B7C2
                                                                                                                                                                                                                                                                          SHA-256:E24F234D2AF67BDBD992F785182655A8F39408CE84D7D6CCF12ACB272496411E
                                                                                                                                                                                                                                                                          SHA-512:8EC67681A9E6F08A25E03042ADB51D259E17EFEBC21F606745F910EA87A119677B4EED7789E0B4596A6CE72597B2A1C2EC3839C2223C4C34D5515D42FCF7E9CE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.2652429787209853
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:8/2qOB1nxCkMYSAELyKOMq+8yC8F/YfU5m+OlTLVum0:Bq+n0JY9ELyKOMq+8y9/Ow3
                                                                                                                                                                                                                                                                          MD5:075F9E68CF800DE5200119180D612445
                                                                                                                                                                                                                                                                          SHA1:24BC7FC1CBD4797D53A24CE9087CE573A8439F93
                                                                                                                                                                                                                                                                          SHA-256:C452859D4103CA63EB31275956A29144F3151051AE588EDE2E73F2D026A20FA4
                                                                                                                                                                                                                                                                          SHA-512:C2B1F57003F802B2DAE39EFC519493339E304B949C33A2864112738858A086369DD45656D39103FEE2AEC0175A363A9950ED6DAB46CD09C88B9378C1171B0F4F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):12836
                                                                                                                                                                                                                                                                          Entropy (8bit):5.210710593529214
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:stljPGoPSuzunswVfhWaRZ5zbGxOeNw1OKt6WzORZHMaTY4SY:szOoKuKVfMQbGoee0suwaTYvY
                                                                                                                                                                                                                                                                          MD5:3A8F28972949B3C1BFF2DF301ABB2DCB
                                                                                                                                                                                                                                                                          SHA1:97AC858CD8FF95A83EC26B2154910BDAD904FC5F
                                                                                                                                                                                                                                                                          SHA-256:F59597F80E4C8B3300CF8B9C7FD7AF85B4682B3A07CFD877B52A31DFEB97A333
                                                                                                                                                                                                                                                                          SHA-512:9CDA9EF9F7CFBD11CEDCD4E9C6B96A0D9B1DE5572260191A60C7291F2EA0F2ABBB5003AB1DE22FD98427D6D20C058F6A1C67DD2C1883AC8B0B02839A749647A1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11755
                                                                                                                                                                                                                                                                          Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9867
                                                                                                                                                                                                                                                                          Entropy (8bit):5.117122907113846
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stljkdSunsmpVsZihUkVaRj3lR8wLbV+FxfTQA66WzUZHMaFIMY4SwPUYJ:stljLunswVfhNaRZ5LbGx7Qx6WzUZHMc
                                                                                                                                                                                                                                                                          MD5:B39C8D80484B1F03497DA8DC2136CD50
                                                                                                                                                                                                                                                                          SHA1:8800674A34F64B7BBE912973C625D34BD3C74E0C
                                                                                                                                                                                                                                                                          SHA-256:072914C2350935B12B4B4BCB49067946B13A4394B920061493AC1841E44EFC58
                                                                                                                                                                                                                                                                          SHA-512:0563E15CC2BABCA5639E2A83CC9F91B3B7721480502280DA36A16C65CD732115909E2BE2E6738F90095CA4B3CC4BD08C464BA40C50FA5F313E93519E31B0EA5A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9263
                                                                                                                                                                                                                                                                          Entropy (8bit):5.101875092636061
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:stltkdSunsmpVsZihnkeRj3o8wLbV+FiA66W2HMaFIMY4SwPUYJ:stltLunswVfhHR6LbGix6W2HMaTY4SY
                                                                                                                                                                                                                                                                          MD5:C50761D8F7C9DB9D3A089E36007A58B9
                                                                                                                                                                                                                                                                          SHA1:E56433E3B8BAA1296041DA407B1AA245E9731ED2
                                                                                                                                                                                                                                                                          SHA-256:F30B84297F5DE60502E0439562739104356E34094839F77238EF9D1AD495BD46
                                                                                                                                                                                                                                                                          SHA-512:00F1F72D9E3C7BDFC6D9A4EA1FF959C13F5E08F927B066B0D4E9E50BF8E11868F91F2D55F3903E329FF3AAB6AF680463DDE475E593B21BDF9D2B7BDFECC4154C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13349975926864121","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_la
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                          Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 8, database pages 11, cookie 0x7, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                                                                                                          Entropy (8bit):1.9894232563665128
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:BM3rp/jJYX11P4+N4kNE8KI7rYIJ1Z+tzI8CGxJ3hDSRvS7vIdQb:64jdgtlCaDSRSN
                                                                                                                                                                                                                                                                          MD5:05E10760C8C8F6D2D9BFE1F7ED349C3A
                                                                                                                                                                                                                                                                          SHA1:96B61E870987F1C52B708CBC19670CDB51E91C70
                                                                                                                                                                                                                                                                          SHA-256:518BF674EC0608F50F14BEEBFD0FF9AF50B6FC19DEFE88D4FBF4DC7307D7E98F
                                                                                                                                                                                                                                                                          SHA-512:504F27552C041C1B85B6E1DA02A399D367AFE6E55FAF69F991CCD0A1C469022BE46F877E96D4F0572F10C3BFAC1387C71438A85995B243C6477DC440CE585182
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.2649620174332383
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:DNMNPonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnT7PI:DqBW7P
                                                                                                                                                                                                                                                                          MD5:07B03480335D660C3E13B9C582CF0623
                                                                                                                                                                                                                                                                          SHA1:86E2C75DEB87BCA369B79533BC20DB166C09F10B
                                                                                                                                                                                                                                                                          SHA-256:463046F4B1860ED2DD1E01D0832B930249878D841BF41D39F9E170E08FB0A24B
                                                                                                                                                                                                                                                                          SHA-512:6734CF1C43035C6B894385BD1A2B2FD7B78FE23ADC8FFEEDB4EED4644F8C0449984B1A4B9F971FD7DAE99B085117F7A469729C3D33CBF135512DA20E94276A58
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1124792
                                                                                                                                                                                                                                                                          Entropy (8bit):2.332767876124672
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:mCY6awBwUwewkwgwdw1wLw8wr4w1wewwwNwT3JGyf11SW:4ISW
                                                                                                                                                                                                                                                                          MD5:6BB033D78EEE1A7E1EDE70B617E028E8
                                                                                                                                                                                                                                                                          SHA1:2230CE40F21168E2C4CF11C676449897A0CC24EE
                                                                                                                                                                                                                                                                          SHA-256:ECEF47FC65EA6C0E284E6B73A7B8002ECDDF16CA87416D355B26E64D15C6BA57
                                                                                                                                                                                                                                                                          SHA-512:90BB744AB6265692EBE21B8AFE9C05360AF1A498B9507F44325C3BB68DEF41C8ACA33052BEE9FBA8D8040A0C0F229E5A85AD0395ABF046EF9B72495145179E4D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                                          Entropy (8bit):5.291417391523495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:HPjLdSQ+q2P923oH+TcwtfrK+IFUt8+PeX8gZmw++PqQVkwO923oH+TcwtfrUeLJ:HLEv4Yeb23FUt8+WV/++V5LYeb3J
                                                                                                                                                                                                                                                                          MD5:23FBA29318881AA8AB86B67B936146B1
                                                                                                                                                                                                                                                                          SHA1:A0ABB3902DEE21086FE23A176150F6B435AC883D
                                                                                                                                                                                                                                                                          SHA-256:AF2EA729750ED7D9E9FB68C8FBCDEAF39DBBC69662BA40849B78D12162DE2BAC
                                                                                                                                                                                                                                                                          SHA-512:C425516412D40DFFBFD6DF505E087E05043F2214D41E0D4ACA03E0D2E927FD8CCC331A2330E9DFAE89D556BDCB6BA70CAF3A8E1D5C8486F3DAF5B1F304527C14
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:46.915 2f28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/01/17-15:38:46.916 2f28 Recovering log #3.2024/01/17-15:38:46.917 2f28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):787
                                                                                                                                                                                                                                                                          Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                          MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                          SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                          SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                          SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):342
                                                                                                                                                                                                                                                                          Entropy (8bit):5.271325552497588
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:H5Q+q2P923oH+TcwtfrzAdIFUt8+YDNSgZmw++9tLQQVkwO923oH+TcwtfrzILJ:Hjv4Yeb9FUt8+YDNX/++bT5LYeb2J
                                                                                                                                                                                                                                                                          MD5:DBBDF877985FBB5260AF87E1CA96D651
                                                                                                                                                                                                                                                                          SHA1:D0B075CC9256281B5B5F74B33D112753F36B86CC
                                                                                                                                                                                                                                                                          SHA-256:40B2BD2508FC2DA7D9F1E5C9DA5DDDA29F292E1E505888CC10678F9AA4CA0880
                                                                                                                                                                                                                                                                          SHA-512:068DB86C73B036EDFBA893344DD58429EFAA0C432A816BDC8286473766782BA130FF9A2B329BE5BC6E9A8A74BF6D93AEB9FE221FD2D06A12561D01C41F454DA1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:2024/01/17-15:38:46.891 2f28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/01/17-15:38:46.893 2f28 Recovering log #3.2024/01/17-15:38:46.894 2f28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018164538716206491
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zETlSe3t/:/M/xT02ze1
                                                                                                                                                                                                                                                                          MD5:AD9292EFC9B7324DDE81090AD904EFCA
                                                                                                                                                                                                                                                                          SHA1:A42C14621ED48A555F08A4BF7CDA0BBB4193A190
                                                                                                                                                                                                                                                                          SHA-256:9818CC7E3C4901ECBB0AA5D48F12CC31D17B61B622732E448F0D4F97D830ADD9
                                                                                                                                                                                                                                                                          SHA-512:0BA91C5F2B1DDF3AE7A9D5A1BEB97B227BA519DB679B892DF1BD8D2F7CF2CDD698E8108EA16F9329AFC4367641E5522C61BB3DD48DD90B41BA8A7027A7F04E79
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018238520723782249
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zETl7ed/:/M/xT02zKO
                                                                                                                                                                                                                                                                          MD5:2BA0F3840235345F819E300D48BA3A19
                                                                                                                                                                                                                                                                          SHA1:FDA40C6EF86E3AF4EBFD587E4F9FA4C46AB0B36D
                                                                                                                                                                                                                                                                          SHA-256:F098B0CA277DEF59BABB6C75BAC6B27BC149BCB54ECA039DA037585F51015A27
                                                                                                                                                                                                                                                                          SHA-512:563C1877C2A77E46952888C00AD86F238E117061A18909724E0C494FB8ADF6E607C2BF5D7531E8F48E831C9AE6BC3417F5FD9BCA04CDCBAF137927BA8558CD9C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                                                                                                                          Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:117.0.2045.47
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090762133039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMfwuF9hDO6vP6O+wtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6xtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:9A65058699F588950B5E344E99348353
                                                                                                                                                                                                                                                                          SHA1:AFCFBE42A695C67A3DDCA9C75D8BD5CA4905963A
                                                                                                                                                                                                                                                                          SHA-256:CD33F4DA1AE5D64AF728FA6AE178250A7843A518CB310A5CF20908C9F8380EC0
                                                                                                                                                                                                                                                                          SHA-512:52FA9A6D2572B6D26F9B5B28A2A57A7B5ED35EC6555F591922486951EE7FA566B5D257209F70EDBA960CDC90839E45FA02BB85DF8F9141C89645A4168D98A874
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090762133039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMfwuF9hDO6vP6O+wtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6xtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:9A65058699F588950B5E344E99348353
                                                                                                                                                                                                                                                                          SHA1:AFCFBE42A695C67A3DDCA9C75D8BD5CA4905963A
                                                                                                                                                                                                                                                                          SHA-256:CD33F4DA1AE5D64AF728FA6AE178250A7843A518CB310A5CF20908C9F8380EC0
                                                                                                                                                                                                                                                                          SHA-512:52FA9A6D2572B6D26F9B5B28A2A57A7B5ED35EC6555F591922486951EE7FA566B5D257209F70EDBA960CDC90839E45FA02BB85DF8F9141C89645A4168D98A874
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):44137
                                                                                                                                                                                                                                                                          Entropy (8bit):6.090762133039
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMfwuF9hDO6vP6O+wtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEb6xtbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                          MD5:9A65058699F588950B5E344E99348353
                                                                                                                                                                                                                                                                          SHA1:AFCFBE42A695C67A3DDCA9C75D8BD5CA4905963A
                                                                                                                                                                                                                                                                          SHA-256:CD33F4DA1AE5D64AF728FA6AE178250A7843A518CB310A5CF20908C9F8380EC0
                                                                                                                                                                                                                                                                          SHA-512:52FA9A6D2572B6D26F9B5B28A2A57A7B5ED35EC6555F591922486951EE7FA566B5D257209F70EDBA960CDC90839E45FA02BB85DF8F9141C89645A4168D98A874
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"...
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35
                                                                                                                                                                                                                                                                          Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):50
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9904355005135823
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                                                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                                                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                                                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                                                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):575056
                                                                                                                                                                                                                                                                          Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):85
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQw:YQ3Kq9X0dMgAEiLI2
                                                                                                                                                                                                                                                                          MD5:265DB1C9337422F9AF69EF2B4E1C7205
                                                                                                                                                                                                                                                                          SHA1:3E38976BB5CF035C75C9BC185F72A80E70F41C2E
                                                                                                                                                                                                                                                                          SHA-256:7CA5A3CCC077698CA62AC8157676814B3D8E93586364D0318987E37B4F8590BC
                                                                                                                                                                                                                                                                          SHA-512:3CC9B76D8D4B6EDB4C41677BE3483AC37785F3BBFEA4489F3855433EBF84EA25FC48EFEE9B74CAB268DC9CB7FB4789A81C94E75C7BF723721DE28AEF53D8B529
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093605434831084
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:bDXzgWPsj/qlGJqIY8GB4x9/S8luhDO6vP6OKu6FKA0sD+E5JLkcGoup1Xl3jVzX:b/Ps+wsI7yO9/n6/6schu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:37B4B0572CC906D4D99C1938424542D0
                                                                                                                                                                                                                                                                          SHA1:CEC0D8141D33D6DABF85025AA4FFC0AE1423514C
                                                                                                                                                                                                                                                                          SHA-256:B06F7F0838813F856B5FAA4170A2C909207ACC9CC52D774E3D145855481FB922
                                                                                                                                                                                                                                                                          SHA-512:F59B4D5735722024447053B4B92BC353B2017EEAF3EBCE66ADA97E326DF943BC91E13B35C0A529EBC79250F9F16E349B3A5165BC2DA2B1D4BF34FB8BCADEC5BD
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"...
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093601774774901
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:bDXzgWPsj/qlGJqIY8GB4x9/SR8hDO6vP6OKu6FKA0sD+E5JLkcGoup1Xl3jVzXH:b/Ps+wsI7yO9/S6/6schu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:EA4C950369699B0172201CD7FD0A0D8B
                                                                                                                                                                                                                                                                          SHA1:0F0D3070DE64C1C14D4E84BC5D57CFE71F0341B0
                                                                                                                                                                                                                                                                          SHA-256:188C9466CC753776D9792202F6029E80ADB93B17F41CC14FE9A2AA6FD9B45EC3
                                                                                                                                                                                                                                                                          SHA-512:17397A5CB84C01412A408B26B016AD00D8D196B2C15F4B83E435CE3983052DFA59F6CCF8F6D6A87DD1FF1B4035874D996F8A09E0AA81443AA260B2D9464A05CD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):45519
                                                                                                                                                                                                                                                                          Entropy (8bit):6.093550333665456
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:bDXzgWPsj/qlGJqIY8GB4x9sISHohDO6vP6OKu6FKA0sD+E5JLkcGoup1Xl3jVzX:b/Ps+wsI7yO93Q6/6schu3VlXr4CRo4
                                                                                                                                                                                                                                                                          MD5:2BA63310B4804254AC8B3CC1FB7A3387
                                                                                                                                                                                                                                                                          SHA1:D490DD28F584AAF21CF46EF9176C3F467BEFDC21
                                                                                                                                                                                                                                                                          SHA-256:3CC6C4A4CAD0D3A0F454A71D7665272CCC50955D9B467FD684C901CE72711536
                                                                                                                                                                                                                                                                          SHA-512:38107516CB68E1D64676C6BBD07A25C5AB3130B2EC53C89C61859C46A31F95E263010D182E02997A9855A6931F29267BA37732DC89D0F086158CB73135266838
                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8356079544699133
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxmxl9Il8u89JhLj7MH4zE8FrnG+LQEYzd1rc:mXYm7MH4z/rnLuU
                                                                                                                                                                                                                                                                          MD5:7B0372906428FB3B5E06E3EEE6AF0987
                                                                                                                                                                                                                                                                          SHA1:C029CB834E4CA8246F01B2E986D1DB26C59D1A00
                                                                                                                                                                                                                                                                          SHA-256:6289234A26D8981CF3BC3A1ADE6B5E38E1CCCDB0758488CFDAECDECF76C3AFFD
                                                                                                                                                                                                                                                                          SHA-512:E807D7F225EF6CF32B6C214CDFA96F50E73F1C04136FB2C5EFE190674D520EC4048B178C4E9D17934A2DFCA5BE30211B949C903A815C68977F5D42B6A390B390
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.R.A.Q.1.t.J.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.0.f.a.v.T.Z.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9966257411128105
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:qYUZ0JqNHGSASWZOtM2WySsEci9SPujZY+8J:qzGJcAiC/yjm9nu
                                                                                                                                                                                                                                                                          MD5:9EB7FA1DE5CD38ACB0720B96232636E2
                                                                                                                                                                                                                                                                          SHA1:B1B84310BAB6A41B708964FF47C21603CFDFBF45
                                                                                                                                                                                                                                                                          SHA-256:44FBF4B5E078DE684FFA968E57F95E07130D9A2FA1D515C9A408B85D0EE68950
                                                                                                                                                                                                                                                                          SHA-512:91FA08E33511A72EB910740108FAA2461C3F0EE2719E7CFC9A356BD219283ABEB43CCC9DF23720837CDCF430E8EDEE6DB56DD78A1CCF0F18CA9982422B820F76
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".w.4.F.b.K.V.N.J.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.0.f.a.v.T.Z.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):367616
                                                                                                                                                                                                                                                                          Entropy (8bit):7.868902079164761
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:7Lnm91i1m7pJ4OlXq/XN3qq1BCDcFJ5eUE8Dod5w6EUdEjzOdIj:Pm90E7pJvq/t8cFJ5vELrTdEjz
                                                                                                                                                                                                                                                                          MD5:70A53CEA1F5F40353D5F6A6BF02A95C0
                                                                                                                                                                                                                                                                          SHA1:E8A936CD25241CA66DEAFE300E87F81F376E63CC
                                                                                                                                                                                                                                                                          SHA-256:D884369789550A8A68F06719E4D8B5378179ED94435B8AFB7BC2EADAADE695E6
                                                                                                                                                                                                                                                                          SHA-512:2B28B3C2BCD9114904848F6167ABD7C9B977D6CD56789E35D698972CECA0F5D0354BB39FD2C2FC2FAA6A90301875508378F81E9101437BEADEC586C8AC430B02
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nX.e................................. ........@.. ..............................U3....`.................................p...K.......B...........................*................................................ ............... ..H............text....... ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B........................H.......,...PY..........|................................................0..V.......~....:K.........(.... .... .... ....s....(............(....(.... ....?....r...ps....z*...(,...(....*.0.......... .......... ............8.......(...........i]....X.. ....?........8$.......X...X ....]...................X.. ....?...........8......X ....].....X ....]..................&...& .=.e 5..Pa~y...{....a(....(...............X ....]..........%q........a........X......i?w...*..............&
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1509376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.651826632483482
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:nUalkVcJGB7FyCTEaYtT9SfVK5Y3IexDzSf3Z8MQQvTICTNiTPUXl7TP8o1Cl8:nyWJG7yUVYtT8RSPKqvTVTUs9TP8o1Cm
                                                                                                                                                                                                                                                                          MD5:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          SHA1:FD4738C226BF7672880144AAD0135576AD3C1FA4
                                                                                                                                                                                                                                                                          SHA-256:2EB564562FC5D4D4AB4EFCA29E542BA64DA9B04A58B7C6A39ACE4E53AD12273A
                                                                                                                                                                                                                                                                          SHA-512:05A943DDB4A808EEE6F05EC091EB9E751602DBC2C7B8B8B27CFDF00274002434AA2718246CA77F6932059AD597DE51B422F06717C343D4F9AAAB9E4D0D44640F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\liva[1].exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...7g.e...............".....T....................@..........................P............@............................................(.......................4.......8..............................@............................................text............................... ..`.rdata..............................@..@.data....6....... ..................@....rsrc...(...........................@..@.reloc..4............^..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):281088
                                                                                                                                                                                                                                                                          Entropy (8bit):6.512504106980186
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:R6cvPUr3ML0hqprrFajzR3yQqrPnuHlc/LMOQF0GWYa5aufYO+f4qqx:R6KP28L0QprmR3yQkvEQMOc0GFuQO+K
                                                                                                                                                                                                                                                                          MD5:4CCD48A9C3D1559A8531334C58B3EBD1
                                                                                                                                                                                                                                                                          SHA1:B9B8EC0DB84F5FE6741E6440BA72C6CAE05311ED
                                                                                                                                                                                                                                                                          SHA-256:9FBB6BE64CE733CABAA16D80B36AB68F4D0EF2F73D7A58F6A644045534125394
                                                                                                                                                                                                                                                                          SHA-512:288C2873A731CB6004DDE4435D423AF69ABC0205F15C736D935D81F5CB5FF08726B3119140E89B51BF3441A1B0DAD2879E21040E98DDFB76F0E1B0C2602B6ABB
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):916480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5771729236320695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2TM:tqDEvCTbMWu7rQYlBQcBiT6rprG8aOM
                                                                                                                                                                                                                                                                          MD5:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          SHA1:1305DB28577661761E28815E979662A9338B7CC7
                                                                                                                                                                                                                                                                          SHA-256:5438AD0E2FED7F526C0DD667AA6FA0DF640E8F9896397D7FB8B41E6084F72BA8
                                                                                                                                                                                                                                                                          SHA-512:4A135951584165BFBCAAE183455F31D4BFBB8D9F22757E65BF098AF801EE63069F0C1332C099696024C5B00D41975F748E6CAF85F279D7D5BAE423EF2AE92EFC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):173568
                                                                                                                                                                                                                                                                          Entropy (8bit):6.799472007723213
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:6LMMwBf+RKk4wL8/YYCXnF/pstBaDqwONnct437Bl3N2U0IG:6LMLf+n+AYunF/p/uwONct43j92U0P
                                                                                                                                                                                                                                                                          MD5:01B605F85332ACCD77BF90B7FDE70594
                                                                                                                                                                                                                                                                          SHA1:EC1BA735E61468040AA74759EB874E81C7E38A64
                                                                                                                                                                                                                                                                          SHA-256:239FBC6BD53C756A0F4B218018F1669CE7384CF9E5A59EC4A5A71B2BF89706F2
                                                                                                                                                                                                                                                                          SHA-512:78E2CC554240F022ED4BBC8528BA7C2FB09123975BCE7D7580DD533B30E141AF67DD9236A2CA0DEEADB937DBA3BBAA4F8439A4ECC9170FC67CB38A1D6B790C55
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6839296
                                                                                                                                                                                                                                                                          Entropy (8bit):7.954812522986185
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:zjuccRwr7iT5eath+Be6FZ11OAbqmoHT1VAc5fb6d8cg83hilWRPLO+CW7eI1Of:iRwRajC1OAbAfAKfb6CC3hilEyIeN
                                                                                                                                                                                                                                                                          MD5:51A977874C9B190837BC2658396D4DFE
                                                                                                                                                                                                                                                                          SHA1:E193AA67104A47B41226AB6C38BAD3979FA77A5F
                                                                                                                                                                                                                                                                          SHA-256:07C186039358D2AE58C48A251366B0AED237339667290772F42C479F41E6C498
                                                                                                                                                                                                                                                                          SHA-512:FD20E4DC0A8B52D7373597DF577D1CD60AEC69FA5894B867844EAE4CB75398FD2C3BD47F8E7B4CEEA3AD71E23D625131DAAE998780B863E28E53C60FE1058951
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\latestrocki[1].exe, Author: ditekSHen
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wD..3%..3%..3%..hM..=%..hM...%..hM.. %...H..!%...H..'%...H..F%..hM.."%..3%...%...K..2%...Ko.2%...K..2%..Rich3%..........................PE..L...l.e............................4.?...... ....@.......................... @...........@... .. .... .. ..................P.1.<...........................0.1...............................1......................................................................<..................@............ ... ...j...@..............@............P...@......................@.......................................@............P.......<..................@....rsrc...............................@.............).........................@....data....P....0..B..................@...........................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):104448
                                                                                                                                                                                                                                                                          Entropy (8bit):6.38921269820025
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:MYHZ5o8D+sjrW2sosmrtuQRYKr77BUEYW0Z:McDoBkPsituQR5+W0Z
                                                                                                                                                                                                                                                                          MD5:85AF6C99D918757171D2D280E5AC61EF
                                                                                                                                                                                                                                                                          SHA1:BA1426D0ECF89825F690ADAD0A9F3C8C528ED48E
                                                                                                                                                                                                                                                                          SHA-256:150FB1285C252E2B79DEA84EFB28722CC22D370328CEB46FB9553DE1479E001E
                                                                                                                                                                                                                                                                          SHA-512:12C061D8FF87CDD3B1F26B84748396E4F56FC1429152E418988E042BC5362DF96A2F2C17BCF826D17A8BAE9045EE3BA0C063FB565D75C604E47009FF442E8C8E
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\clip64[1].dll, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.j.c.j.c.j.8.i.i.j.8.o..j.8.n.q.j..n.l.j..i.r.j..o.B.j.8.k.d.j.c.k...j...c.`.j...j.b.j.....b.j...h.b.j.Richc.j.........................PE..L...h.e...........!................!g....... ............................................@..........................z......<{..P....................................o..8............................o..@............ ..H............................text...V........................... ..`.rdata...b... ...d..................@..@.data................v..............@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):916480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5771729236320695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2TM:tqDEvCTbMWu7rQYlBQcBiT6rprG8aOM
                                                                                                                                                                                                                                                                          MD5:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          SHA1:1305DB28577661761E28815E979662A9338B7CC7
                                                                                                                                                                                                                                                                          SHA-256:5438AD0E2FED7F526C0DD667AA6FA0DF640E8F9896397D7FB8B41E6084F72BA8
                                                                                                                                                                                                                                                                          SHA-512:4A135951584165BFBCAAE183455F31D4BFBB8D9F22757E65BF098AF801EE63069F0C1332C099696024C5B00D41975F748E6CAF85F279D7D5BAE423EF2AE92EFC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...]T.e.........."..........L......w.............@..........................`......;.....@...@.......@.....................d...|....@...........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc........@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1875456
                                                                                                                                                                                                                                                                          Entropy (8bit):7.966967532928012
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:YlepFWJg3+3cjCBbA7YGhqt6BciDEe2LaUm/12Cb/:aeXWi3WcjC+Dc5i9H/12w
                                                                                                                                                                                                                                                                          MD5:8661175D5D3A2D1014152C8E08823E33
                                                                                                                                                                                                                                                                          SHA1:6E51C22752D529BE20F62BB486384B42E250D951
                                                                                                                                                                                                                                                                          SHA-256:A4089C98B289784FE5EE297032E44A6A536FA8B7748A90229FC9CE2424A7A489
                                                                                                                                                                                                                                                                          SHA-512:1A5E38D91622BA471602E311A02B9AC3FB249122864B8F0564ED42541D10FFCC51BBEDD24D654426A1455F3CED99DF856381BC0766F03522F36A082696C6CF22
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C.........L.....L.....L.....H.G...H.....H.....H...R.L.....L.....L...............E.....-........Rich..................PE..L...7g.e...............".....T.......BQ...........@..........................`Q...........@... .. .... .. .................. .B.p....P..P.....................B.........................................................................................................................@....................@..................@............@..........................@.......................................@....................r..................@....rsrc........P.......n..............@.............)..........*..............@....data.........A..x...&..............@...................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35420
                                                                                                                                                                                                                                                                          Entropy (8bit):5.086326020276881
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:/PtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veKyt9KZe:Veo3KtwnY9nR+eXHcHJk/dHOTij75Be
                                                                                                                                                                                                                                                                          MD5:0DC057366A0E1C898405C4C21829E7E9
                                                                                                                                                                                                                                                                          SHA1:83BF1683DC56D1F8010CF06563A7410F2F95851A
                                                                                                                                                                                                                                                                          SHA-256:C48F6F938640D66E09C5CAE53DFFD9126A62186EF3219689DB95B29AC7D7EC66
                                                                                                                                                                                                                                                                          SHA-512:8B3F25C7FE764C32C803D9709B2404137D9C66B08E2075962523FB66485DB1FF7A27CF98BC8A5176F3A1DDA53FC716C81C6D2EFF5B448135DB691E9170B85EA9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 17 Jan 2024 14:39:31 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):113
                                                                                                                                                                                                                                                                          Entropy (8bit):4.851517542572541
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:VNikAUa0/XNWbdUyGLk8rLtPQ0IIt:PikADcEbdOx2Kt
                                                                                                                                                                                                                                                                          MD5:9C3F7584BE4A70407E7612603FEC5FF8
                                                                                                                                                                                                                                                                          SHA1:162C668354695C6DDF0E34FC1A8F0E957ED40A20
                                                                                                                                                                                                                                                                          SHA-256:0A09A3F31AC59546467DEC90C1161177D55A64ED5EDAEBB5D7D21910F9B07451
                                                                                                                                                                                                                                                                          SHA-512:495532325DFF14CD058764CA7FEB0311E77C2B8E6B8D134A1FE7015FA39E8BAAA297AF4433D6A806F52CFE1A4912274589C21F84742DA6B04B995F739690421B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:s.,.........e..e..Fvd........H....:https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip.....
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8378
                                                                                                                                                                                                                                                                          Entropy (8bit):6.092286818996133
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:vpLdW3V9H2zLLdW3V9H2zCNbZovqcdB9dBM:vpRK9HaRK9HRAPB/BM
                                                                                                                                                                                                                                                                          MD5:6D52C843D44D628184E45C0878CDBBEA
                                                                                                                                                                                                                                                                          SHA1:76F8AA2E4799C2FA23A530A78F5DCAFD5A9CAEB2
                                                                                                                                                                                                                                                                          SHA-256:EA8D9B561E15CF13B25E9FC64D429C4ABF50F17FE9C201F7FFB05AE75E385673
                                                                                                                                                                                                                                                                          SHA-512:5E3B49F72F59F79A9E27E9CD10E3A920DAEE2A626B3391E1954CAE69647CD414483B4B8B83C1C2CFBDD8CD3E686ECF10BA9DD440D36D5B7B473BF417022E6F69
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"permissions":{},"data":{"attachment":{"hash":"0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0","size":7581,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl","mimetype":"application/octet-stream"},"id":"cfr-v1-en-US","last_modified":1648230346554}}.T#Y..........e..e..Fvd.e.tj...q....:https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US.strongly-framed.1.security-info.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:PEM certificate
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):12978
                                                                                                                                                                                                                                                                          Entropy (8bit):6.043502178474692
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:HcFp03cN9O/kqz51CcOm4pOqsqwJn2rHCO1QERzXyBaofbaI8j3qq1tivie:HR3u9fiGLm4pUyrHCOK4CcoTaIdqHcx
                                                                                                                                                                                                                                                                          MD5:E7DADC5B1F575662A3173CAA62D8A617
                                                                                                                                                                                                                                                                          SHA1:0359A1FDD605880BD7F9F13011F8C4B7B47D6E76
                                                                                                                                                                                                                                                                          SHA-256:C077953477BA8E9D9F6077FC0660C163E9A5716D7F1D19CB0E1D21051D42A401
                                                                                                                                                                                                                                                                          SHA-512:92F2C052E659B3246B65FF53E4A68D4BA2E611FD6382283908EC3EE482989A51816F78585EC50CFD23830A4138696816B98A5FCE91DD7639474B33D469711229
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:gzip compressed data, max speed, from Unix, original size modulo 2^32 3053715456
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8816
                                                                                                                                                                                                                                                                          Entropy (8bit):6.637195666453796
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:jRsyVdtUy5TdVzuNyaByZzIVzuNyaByZRNbZovzcd9YrdduYrl:jRjrtUYTdx7aByZUx7aByZRAQ9ifuil
                                                                                                                                                                                                                                                                          MD5:9DC47D68BFD7408C52AD32C38DF9DEBD
                                                                                                                                                                                                                                                                          SHA1:0E63A133869FA30F616B41EAA2607471839D1608
                                                                                                                                                                                                                                                                          SHA-256:4FB72E1EF4E3C0A80CD188AABD2E16ABE66CC1A93D94888D1008AC8E3FC14366
                                                                                                                                                                                                                                                                          SHA-512:5D7B8F48D341FA2F3731BDCD2BD568C4DCF1B030709D79D338B5EA517421D61138B503E6D9979C3C4790F3C55C5AB5268EE19A2E029A0D125932D2825CDF9F36
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):454009
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997758614057211
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe0:tEsed2Xh9/bdzZe0
                                                                                                                                                                                                                                                                          MD5:D65630C3F4D356F7DEBA663B6CCC31CE
                                                                                                                                                                                                                                                                          SHA1:B87F7B07BE3EB28B636FC453E991DD86C48CAD45
                                                                                                                                                                                                                                                                          SHA-256:C6C271083CA648DE3A3AE34568BAE2C4F80EAB617205A0742FE030AFE5EAE724
                                                                                                                                                                                                                                                                          SHA-512:47D36B183F69EE647A5472973A91A173F10543004FFE5BFDBA24479E156EBC5BFD169FA33D5EB0235AC6E4C9FDF974FE424C8DF8130F113834F93D9615C04942
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                                                                                                          Entropy (8bit):4.675184584388499
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:BvePvacl+lljXvX3XDkDKVJ3uDVX8sX3u+llln:Je3aRjXDkw+qsHHl/n
                                                                                                                                                                                                                                                                          MD5:A462FF6CF6C8E1D43E524DD7A8E6A914
                                                                                                                                                                                                                                                                          SHA1:349338E044F0C8187CCA486F73F15A1A2237BA67
                                                                                                                                                                                                                                                                          SHA-256:585B507509518C84E1C375E286E14D888CFBC1672031F8D18BE1C828556A4349
                                                                                                                                                                                                                                                                          SHA-512:75BA05C4BC1CE76341CEE55C3FE2B7C7BA63B3D8014637C5BEEF016841DAC8AF3775EA64860EBAACFAEFA73EDA5937D8678EC895EAD25C5B999676C1F7160574
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...........e..\e...Fx........./....~predictor-origin,:https://accounts.google.com/.predictor::seen.1.....
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):35420
                                                                                                                                                                                                                                                                          Entropy (8bit):5.086326020276881
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:/PtFYceo3KtwnY9nR+eXHxoZ/HJkNTBdHOT5Qhh7veKyt9KZe:Veo3KtwnY9nR+eXHcHJk/dHOTij75Be
                                                                                                                                                                                                                                                                          MD5:0DC057366A0E1C898405C4C21829E7E9
                                                                                                                                                                                                                                                                          SHA1:83BF1683DC56D1F8010CF06563A7410F2F95851A
                                                                                                                                                                                                                                                                          SHA-256:C48F6F938640D66E09C5CAE53DFFD9126A62186EF3219689DB95B29AC7D7EC66
                                                                                                                                                                                                                                                                          SHA-512:8B3F25C7FE764C32C803D9709B2404137D9C66B08E2075962523FB66485DB1FF7A27CF98BC8A5176F3A1DDA53FC716C81C6D2EFF5B448135DB691E9170B85EA9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!doctype html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; connect-src https:; img-src https: data: blob: chrome:; style-src 'unsafe-inline';">. <meta name="color-scheme" content="light dark">. <title data-l10n-id="newtab-page-title"></title>. <link rel="icon" type="image/png" href="chrome://branding/content/icon32.png"/>. <link rel="localization" href="branding/brand.ftl" />. <link rel="localization" href="toolkit/branding/brandings.ftl" />. <link rel="localization" href="browser/newtab/newtab.ftl" />. <link rel="stylesheet" href="chrome://browser/content/contentSearchUI.css" />. <link rel="stylesheet" href="chrome://activity-stream/content/css/activity-stream.css" />. </head>. Cached: Wed, 17 Jan 2024 14:39:31 GMT -->. <body class="activity-stream">. <div id="header-asrouter-container" role="presentation"></div>. <div id="r
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):490
                                                                                                                                                                                                                                                                          Entropy (8bit):7.246483341090937
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
                                                                                                                                                                                                                                                                          MD5:BD9751DFFFEFFA2154CC5913489ED58C
                                                                                                                                                                                                                                                                          SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
                                                                                                                                                                                                                                                                          SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
                                                                                                                                                                                                                                                                          SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2029892
                                                                                                                                                                                                                                                                          Entropy (8bit):4.7011615271308225
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:66j+d487l/bpQoykPA1OEiCIuRhRuPoCnE2ZzNYLQhhWiqAg+XdN43Ib+M5TkRXi:kdR7l/bLs6BjUNRkcwR
                                                                                                                                                                                                                                                                          MD5:FFBB4DDB787E104E0CB47B375F63B4C6
                                                                                                                                                                                                                                                                          SHA1:F561E9C83EFB593782ADD63ECB0995EC27A95B7B
                                                                                                                                                                                                                                                                          SHA-256:8CE5213AD1AEA67B65C158C7ED264C44828FA3BDD54ED2CFBFE6BDB5B91B6741
                                                                                                                                                                                                                                                                          SHA-512:360741F7F4E5C3F5900156CBE082A8B665EEE8CB493EC2643BC3D6881AB4AE2D4B83ACD247BA60E64DFF4D4EAEFE984CC699A957C064F7310F701C0D782EF668
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozXDRcachev003.....#.%.9.resource://gre/modules/TelemetryControllerContent.sys.mjsU.jsloader/non-syntactic/module/resource/gre/modules/TelemetryControllerContent.sys.mjs.........6.resource://gre/modules/TelemetryControllerBase.sys.mjsR.jsloader/non-syntactic/module/resource/gre/modules/TelemetryControllerBase.sys.mjs.........+.resource://gre/modules/AppConstants.sys.mjsG.jsloader/non-syntactic/module/resource/gre/modules/AppConstants.sys.mjs.&..T....".resource://gre/modules/Log.sys.mjs>.jsloader/non-syntactic/module/resource/gre/modules/Log.sys.mjs8C..Hp...).resource://gre/modules/XPCOMUtils.sys.mjsE.jsloader/non-syntactic/module/resource/gre/modules/XPCOMUtils.sys.mjs.....3...*.chrome://global/content/process-content.jsG.mm/script/resource/gre/chrome/toolkit/content/global/process-content.js@........6.resource://gre/modules/extensionProcessScriptLoader.js>.mm/script/resource/gre/modules/extensionProcessScriptLoader.js ........5.resource://gre/modules/ExtensionProcessScript.sys.mjsQ.j
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9057888
                                                                                                                                                                                                                                                                          Entropy (8bit):4.734706627079042
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:VvBwPDxG4C4sWDc+ikpXGBmjRAuAgdyR+Fzy0CaDkvG1Kl/S/qyaXN7h//uTl+EL:VvsEW5IBmeVgdydvn/SSyav/Y+EKm
                                                                                                                                                                                                                                                                          MD5:A9F97638CA0338B53F86B638223B094D
                                                                                                                                                                                                                                                                          SHA1:5127FBF794447A6B97802597FAD0F18A40119AF2
                                                                                                                                                                                                                                                                          SHA-256:2658486EDCD3709FEB44622B73FC0944A5850523A66F9DFBDA76136D37E19B80
                                                                                                                                                                                                                                                                          SHA-512:AD71DD6E507671501FA5208A123E44FAEA388B7BBCD4440DC4D461CA6BCA2ADE9D092D2463D0C28BD7207993274F2C570737F10EE9CFF6FA782D140EE86258BA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozXDRcachev003........3.resource://gre/modules/MainProcessSingleton.sys.mjsO.jsloader/non-syntactic/module/resource/gre/modules/MainProcessSingleton.sys.mjs.........5.resource://gre/modules/CustomElementsListener.sys.mjsQ.jsloader/non-syntactic/module/resource/gre/modules/CustomElementsListener.sys.mjs....H....'.resource:///modules/BrowserGlue.sys.mjsF.jsloader/non-syntactic/module/resource/app/modules/BrowserGlue.sys.mjs.........1.resource://gre/modules/ActorManagerParent.sys.mjsM.jsloader/non-syntactic/module/resource/gre/modules/ActorManagerParent.sys.mjs.....R...'.resource://gre/modules/XULStore.sys.mjsC.jsloader/non-syntactic/module/resource/gre/modules/XULStore.sys.mjs.7..x5.....resource://gre/modules/nsAsyncShutdown.sys.mjsJ.jsloader/non-syntactic/module/resource/gre/modules/nsAsyncShutdown.sys.mjs.m...,...,.resource://gre/modules/AsyncShutdown.sys.mjsH.jsloader/non-syntactic/module/resource/gre/modules/AsyncShutdown.sys.mjs.........2.resource://gre/modules/TelemetryTimestamps
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3010
                                                                                                                                                                                                                                                                          Entropy (8bit):4.8006346636650745
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:QwFGeU3deYVegWWKmWtoBYjYdYgbbYgbqhNTKWeRryLPZefSyWr9HicStpRtNm7J:QmLU3bu38qgbkgbIKKRCUOt9Jrq
                                                                                                                                                                                                                                                                          MD5:E3D92787C5EA690EF67DC79214CC0D07
                                                                                                                                                                                                                                                                          SHA1:CB447CE4CDA168A13B6DC339F82A6F1C28B86CE0
                                                                                                                                                                                                                                                                          SHA-256:64F58D65A481B78E62CD1E1486A00B4762F7247C9A7D17A5B82712948B4A23A1
                                                                                                                                                                                                                                                                          SHA-512:47DDC83B0FBDBF2700E1171FC58FE32D18A9C38F3BE212C4C1713D0EAFCB8B618DB698EBE7196501B15D2889B7A04D0D7660D4083BCCE9010B2E227F3A0B1FF9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozURLcachev003.....s.-.._.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\xulstore.json.%.chrome/toolkit/content/global/xul.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/quirk.css.!.chrome/toolkit/res/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.;.C:\Program Files\Mozilla Firefox\distribution\policies.json.3.chrome/browser/content/browser/built_in_addons.json.g.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4.0.chrome/en-US/locale/en-US/global/intl.properties.I.chrome/en-US/locale/en-US/mozapps/downloads/unknownContentType.properties.-.chrome/en-US/locale/branding/brand.properties.=.chrome/en-US/locale/en-US/global/layout/htmlparser.properties.1.localization/en-US/toolkit/about/aboutPlugins.ftl.1.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3010
                                                                                                                                                                                                                                                                          Entropy (8bit):4.8006346636650745
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:QwFGeU3deYVegWWKmWtoBYjYdYgbbYgbqhNTKWeRryLPZefSyWr9HicStpRtNm7J:QmLU3bu38qgbkgbIKKRCUOt9Jrq
                                                                                                                                                                                                                                                                          MD5:E3D92787C5EA690EF67DC79214CC0D07
                                                                                                                                                                                                                                                                          SHA1:CB447CE4CDA168A13B6DC339F82A6F1C28B86CE0
                                                                                                                                                                                                                                                                          SHA-256:64F58D65A481B78E62CD1E1486A00B4762F7247C9A7D17A5B82712948B4A23A1
                                                                                                                                                                                                                                                                          SHA-512:47DDC83B0FBDBF2700E1171FC58FE32D18A9C38F3BE212C4C1713D0EAFCB8B618DB698EBE7196501B15D2889B7A04D0D7660D4083BCCE9010B2E227F3A0B1FF9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozURLcachev003.....s.-.._.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\xulstore.json.%.chrome/toolkit/content/global/xul.css...res/contenteditable.css.$.chrome/toolkit/res/counterstyles.css...res/designmode.css...chrome/toolkit/res/forms.css...chrome/toolkit/res/html.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noframes.css...chrome/toolkit/res/quirk.css.!.chrome/toolkit/res/scrollbars.css...res/svg.css...chrome/toolkit/res/ua.css.;.C:\Program Files\Mozilla Firefox\distribution\policies.json.3.chrome/browser/content/browser/built_in_addons.json.g.C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4.0.chrome/en-US/locale/en-US/global/intl.properties.I.chrome/en-US/locale/en-US/mozapps/downloads/unknownContentType.properties.-.chrome/en-US/locale/branding/brand.properties.=.chrome/en-US/locale/en-US/global/layout/htmlparser.properties.1.localization/en-US/toolkit/about/aboutPlugins.ftl.1.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1509376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.651826632483482
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:nUalkVcJGB7FyCTEaYtT9SfVK5Y3IexDzSf3Z8MQQvTICTNiTPUXl7TP8o1Cl8:nyWJG7yUVYtT8RSPKqvTVTUs9TP8o1Cm
                                                                                                                                                                                                                                                                          MD5:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          SHA1:FD4738C226BF7672880144AAD0135576AD3C1FA4
                                                                                                                                                                                                                                                                          SHA-256:2EB564562FC5D4D4AB4EFCA29E542BA64DA9B04A58B7C6A39ACE4E53AD12273A
                                                                                                                                                                                                                                                                          SHA-512:05A943DDB4A808EEE6F05EC091EB9E751602DBC2C7B8B8B27CFDF00274002434AA2718246CA77F6932059AD597DE51B422F06717C343D4F9AAAB9E4D0D44640F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):367616
                                                                                                                                                                                                                                                                          Entropy (8bit):7.868902079164761
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:7Lnm91i1m7pJ4OlXq/XN3qq1BCDcFJ5eUE8Dod5w6EUdEjzOdIj:Pm90E7pJvq/t8cFJ5vELrTdEjz
                                                                                                                                                                                                                                                                          MD5:70A53CEA1F5F40353D5F6A6BF02A95C0
                                                                                                                                                                                                                                                                          SHA1:E8A936CD25241CA66DEAFE300E87F81F376E63CC
                                                                                                                                                                                                                                                                          SHA-256:D884369789550A8A68F06719E4D8B5378179ED94435B8AFB7BC2EADAADE695E6
                                                                                                                                                                                                                                                                          SHA-512:2B28B3C2BCD9114904848F6167ABD7C9B977D6CD56789E35D698972CECA0F5D0354BB39FD2C2FC2FAA6A90301875508378F81E9101437BEADEC586C8AC430B02
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6839296
                                                                                                                                                                                                                                                                          Entropy (8bit):7.954812522986185
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:zjuccRwr7iT5eath+Be6FZ11OAbqmoHT1VAc5fb6d8cg83hilWRPLO+CW7eI1Of:iRwRajC1OAbAfAKfb6CC3hilEyIeN
                                                                                                                                                                                                                                                                          MD5:51A977874C9B190837BC2658396D4DFE
                                                                                                                                                                                                                                                                          SHA1:E193AA67104A47B41226AB6C38BAD3979FA77A5F
                                                                                                                                                                                                                                                                          SHA-256:07C186039358D2AE58C48A251366B0AED237339667290772F42C479F41E6C498
                                                                                                                                                                                                                                                                          SHA-512:FD20E4DC0A8B52D7373597DF577D1CD60AEC69FA5894B867844EAE4CB75398FD2C3BD47F8E7B4CEEA3AD71E23D625131DAAE998780B863E28E53C60FE1058951
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\1000385001\latestrocki.exe, Author: ditekSHen
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):281088
                                                                                                                                                                                                                                                                          Entropy (8bit):6.512504106980186
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:R6cvPUr3ML0hqprrFajzR3yQqrPnuHlc/LMOQF0GWYa5aufYO+f4qqx:R6KP28L0QprmR3yQkvEQMOc0GFuQO+K
                                                                                                                                                                                                                                                                          MD5:4CCD48A9C3D1559A8531334C58B3EBD1
                                                                                                                                                                                                                                                                          SHA1:B9B8EC0DB84F5FE6741E6440BA72C6CAE05311ED
                                                                                                                                                                                                                                                                          SHA-256:9FBB6BE64CE733CABAA16D80B36AB68F4D0EF2F73D7A58F6A644045534125394
                                                                                                                                                                                                                                                                          SHA-512:288C2873A731CB6004DDE4435D423AF69ABC0205F15C736D935D81F5CB5FF08726B3119140E89B51BF3441A1B0DAD2879E21040E98DDFB76F0E1B0C2602B6ABB
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):173568
                                                                                                                                                                                                                                                                          Entropy (8bit):6.799472007723213
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:6LMMwBf+RKk4wL8/YYCXnF/pstBaDqwONnct437Bl3N2U0IG:6LMLf+n+AYunF/p/uwONct43j92U0P
                                                                                                                                                                                                                                                                          MD5:01B605F85332ACCD77BF90B7FDE70594
                                                                                                                                                                                                                                                                          SHA1:EC1BA735E61468040AA74759EB874E81C7E38A64
                                                                                                                                                                                                                                                                          SHA-256:239FBC6BD53C756A0F4B218018F1669CE7384CF9E5A59EC4A5A71B2BF89706F2
                                                                                                                                                                                                                                                                          SHA-512:78E2CC554240F022ED4BBC8528BA7C2FB09123975BCE7D7580DD533B30E141AF67DD9236A2CA0DEEADB937DBA3BBAA4F8439A4ECC9170FC67CB38A1D6B790C55
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1875456
                                                                                                                                                                                                                                                                          Entropy (8bit):7.966967532928012
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:YlepFWJg3+3cjCBbA7YGhqt6BciDEe2LaUm/12Cb/:aeXWi3WcjC+Dc5i9H/12w
                                                                                                                                                                                                                                                                          MD5:8661175D5D3A2D1014152C8E08823E33
                                                                                                                                                                                                                                                                          SHA1:6E51C22752D529BE20F62BB486384B42E250D951
                                                                                                                                                                                                                                                                          SHA-256:A4089C98B289784FE5EE297032E44A6A536FA8B7748A90229FC9CE2424A7A489
                                                                                                                                                                                                                                                                          SHA-512:1A5E38D91622BA471602E311A02B9AC3FB249122864B8F0564ED42541D10FFCC51BBEDD24D654426A1455F3CED99DF856381BC0766F03522F36A082696C6CF22
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1509376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.651826632483482
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:nUalkVcJGB7FyCTEaYtT9SfVK5Y3IexDzSf3Z8MQQvTICTNiTPUXl7TP8o1Cl8:nyWJG7yUVYtT8RSPKqvTVTUs9TP8o1Cm
                                                                                                                                                                                                                                                                          MD5:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          SHA1:FD4738C226BF7672880144AAD0135576AD3C1FA4
                                                                                                                                                                                                                                                                          SHA-256:2EB564562FC5D4D4AB4EFCA29E542BA64DA9B04A58B7C6A39ACE4E53AD12273A
                                                                                                                                                                                                                                                                          SHA-512:05A943DDB4A808EEE6F05EC091EB9E751602DBC2C7B8B8B27CFDF00274002434AA2718246CA77F6932059AD597DE51B422F06717C343D4F9AAAB9E4D0D44640F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\1000392001\liva.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):31335
                                                                                                                                                                                                                                                                          Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                          MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                          SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                          SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                          SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):91671
                                                                                                                                                                                                                                                                          Entropy (8bit):7.8774767243532695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:B2Y2RUm46OClYKr5DXyzN0iFD8xPT4jobgdNhBKDyU4W3NrUeNWy4cSbJUl4yv:8L9prNyzFB8hGXnhouer/W0KJ+4i
                                                                                                                                                                                                                                                                          MD5:2BBD469CC894351258066DB2023D206B
                                                                                                                                                                                                                                                                          SHA1:3EF9EA3B62E43301B6287361B16AC01F5780AD35
                                                                                                                                                                                                                                                                          SHA-256:70CE55C69127635BCB579E1878C4C74F7707BD708CD57273E8B4891459A6A0EF
                                                                                                                                                                                                                                                                          SHA-512:421F3D78F5C132243B78C73FE7660BB3E045E83E30C0B3A2D6597E0C9E3C19DD4681491981E3C3A649C1E4E2A91BD982529234DA8DA1BFFB46651B74321E34D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 22683
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):227357
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997131537522689
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:3072:+KstaQJParL9jHuo/zB2FeV72k9MmIS+959CMOzbxvGlpLx54aRoYk+fMilMUg9:MtmL9yQthV72hCMtXLvtFgii9
                                                                                                                                                                                                                                                                          MD5:FF7B78124B1E5A58B8334939EB3BB1A5
                                                                                                                                                                                                                                                                          SHA1:D7A63D39CA08359C9C8582DC8B8E82F58AA4ECD5
                                                                                                                                                                                                                                                                          SHA-256:7BCF56989BE5018843D7AE26D40559674C7F1E2382C64508D89CE206D444BDFC
                                                                                                                                                                                                                                                                          SHA-512:DFACCBBAC99F949E07F40429DC9BFA352887F444208609E7097E89D2096BB887D5B6993F2A5DCF9861B3488EB73D2DD64A73048F95883782FC12795561F65C2B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2701
                                                                                                                                                                                                                                                                          Entropy (8bit):7.714528514643441
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:93Ia3nlnPtLe0TrwRZTG4XilUNWWpx06lal0ZT19qZh3zn3KJ63Ak3uO3TG3rw:/hvwii/cWpLgl41Uz3KJm
                                                                                                                                                                                                                                                                          MD5:5D3B7CF85069F6E786FFDC70A863506D
                                                                                                                                                                                                                                                                          SHA1:31559E0F2E96F66008D67597BBB18D7E483A8702
                                                                                                                                                                                                                                                                          SHA-256:280A7911E4E4671D17D2E5E910D91A552F920BB9DB9FAD85B4F62F8360D5D895
                                                                                                                                                                                                                                                                          SHA-512:EC7478A2B81D72E08CFDD6355E0F4F154FA6C5B18DD982BCF2D3B3C22A4E39E1676183455F69792E67A0D5E71A426C2852C8517BEF9661B511C7FDC738A13F10
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\Skk_NXN64QjDo1ESm8EmS3Tz8c2DGmsi.zip, Author: Joe Security
                                                                                                                                                                                                                                                                          Preview:PK.........|1X................Cookies\..PK.........|1X........$.......Cookies\Chrome_Default.txt....P...5.........`.L2J1l..\@.k.D..M'.t.k[Op...k...=..#T......?T...y..8.!(.h.>....o?.E.<.....EvWV.A....r,.4..|...u..<..4..T..w..1....._V..a..jZ....qcY..:.T.I.................l9.u..M.n.Q.W..Y3..".i...N.....;.n....t..].|-8|....W..v.....If&xA,}.`+5~.....Yx-..3..><9.]K.)..in.. .H=.@..FEH.a..<...0.j...t.J,=>6..z.k.x...N...f*.R.+.Y...~i.I..4.....p.Wm...5j.............*....tI..t.o..E....PK.........|1X..A.............information.txtuX.S.6.~.L.....n....<....w..$.^.......Jm.....]....z.f..j..oW...,OG......Uf..aC...{gqmF... , L.D8..p.eo.'wYa..F$2L..I...8.,.t1P.2...EJu....7.".....x..1.0a. ...%.FZ..._7.AhbJ...@.%.R.`2.TD&.t..9.....n..]....o'.O.s&...C.3..-..YV:...2...-....m.b.8......o.8.g..".'....Y..w1....2=d.._ ..T;.f?...|k..g......}......(.P..N....]o..)..x.|K.B..{Mp{.....U.<~".....=........Xm..l4.`|..}6O........X.YuG.].Y.%........Km.9.gMP,..>4Bx.E...i.X
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10987
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9533289149420625
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:BEhlw81PmHlmu6H0wbcosQxhTHGPJz4y4iqooeIfU+TEsegckOE7A4t:eP1+H8h0YNF3rGP+y4eIfUoEtkO+AA
                                                                                                                                                                                                                                                                          MD5:7AA0C0B17FEED14023C4FB189AA6072D
                                                                                                                                                                                                                                                                          SHA1:0B571B13F28AFCD96915108042BEB13A623A3CDA
                                                                                                                                                                                                                                                                          SHA-256:78AD07BCACBCB23C274D025F38746FF766FA4EBA41EE1AA68C238E329837DC09
                                                                                                                                                                                                                                                                          SHA-512:9C0E3D35EB32E8C1E907C6D1C45776235E31B979C8BE05767E6802186EDDB4D9EE337972A39E150DBE1C464E8BA391F401ABC69FB41700DA4E70E2EC624901E6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2741
                                                                                                                                                                                                                                                                          Entropy (8bit):7.722094433535651
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:9EbaEUL8DZIJZe4jfl2vqtzaXXyXUmRV6g4ri5Aj4OOi8XAkcSR3on3KJ6ErkEt4:SRG8DOZbfteXXHNl41XXANSR3o3KJVDC
                                                                                                                                                                                                                                                                          MD5:253E8D677813B162D5C7EDBD9ABB544C
                                                                                                                                                                                                                                                                          SHA1:4955B0FC65EC0D3141D8CAB03DF8DE7FAE1D451E
                                                                                                                                                                                                                                                                          SHA-256:745B089497C499046FC9D6A457F6FACA5E8BD5C9E1324BD9A59005489299638B
                                                                                                                                                                                                                                                                          SHA-512:837211DF0CD02AE8F997135F6B7F6CC49E3E5E9C7B07FEDE1A1839BD027A7032A850994F2CCE28655138D632AD5A51613EAEC81A819CFBF9F2ECDC5FB53BA99B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\fEMM7MXc0YqyJawkJDze71X6lYIiC_Ic.zip, Author: Joe Security
                                                                                                                                                                                                                                                                          Preview:PK.........|1X................Cookies\..PK.........|1X..E.............Cookies\Chrome_Default.txt....P.@.5.....d...`|L2J1l.. .3."_..N.......q..b..=../c.;{.........4F8...0..Y.........Z}Y.g.<w3.f.W(....K.o..l...!*.......y.o;.F..5%.....|0MS.....J.,....../.o...8.H...,M.......;.....I!.z.W....j...e....fE.?.X....6...g...skL.K.85b.U.5...[/.<.h....C..|...C5"{..i.$...'..W).f.O.i..4.....L..Z..t.Z(].2.m.?..<....]........f..I3?.q..8U.6...8.N.y_#Vb...g.k?.Z1.!.3$.....\.%...PK.........|1XiV.A9...........information.txt.XMo.F.....X......^R..J.;...c.v.....S\............0.Xoggg..].p[...4ez..G_m........h<z..vJ.mN>..a.05....)...4.)*{.vJ..^.d...N..t....D..."6......Eg.O*Df....t...8c.$...%.&Z.;..]v.&.)..e..z.L..L...A.]..i{3%...E..\...U..[..ns=...Z{\-]..ut^.oi....V\D.'TDLq.D..F#.`.KW..E.z>.l..........7....@...jQ.&......O.K%#.#.p..Z.M.g.b.+.l...A..}.3.*w.....A.%..#W.Z.=...z.mmM>.k...*ff<..A}.P....#9..+..y...A.~,.J..6].F[MfG..G..pi.?.@,.UY47..E.4..cQ.r.~M....i...
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):530
                                                                                                                                                                                                                                                                          Entropy (8bit):5.999391385907715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:copYxSlufq7gCx7Fbyr4rOSlTfJJADr6HDsZQZ7gC6:KauS79Gr4iSllJALQZ7c
                                                                                                                                                                                                                                                                          MD5:06ED2CD304730F55A5C7001509E128BE
                                                                                                                                                                                                                                                                          SHA1:49651485B2CE3D239172BD52BF5A265AB3EB8E18
                                                                                                                                                                                                                                                                          SHA-256:66851B5AA77B3DEE71B842F53D4E30F664F5A08F9754B9E87B323871981516A4
                                                                                                                                                                                                                                                                          SHA-512:0163A8537DE695D34865EEB9C872F15A1827644D8797344A2D36E776F174E5901E77AA560488B0D7D7359B3648614F818B85A7D51F59CCDF2831B5715F5A9334
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.google.com.FALSE./.TRUE.1699018815.1P_JAR.ENC893*_djEwmUj/dRHWNmfhbTB/w+u3HcpAF49UGcxvovgmz9ye9OQyJO9KCFHkRm8=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*...google.com.TRUE./.TRUE.1712238015.NID.ENC893*_djEwFCqquAx+Q1mLxpuZeEBJZSgzAt4Ngo/HHXcYPxMGINXG0MJzCe/y7m5VzpUyfsA6ingOdNobTvWP/YbKYpzg64nmGlCjRU9RpPIjDAuAxGlp5MTMUaOP4iC8aSCuijjqDE5gAdZQ5Jgb0/uEAZ4ssWGDsxXJbqpGbi04viYfPDhBfQ9XKXznqtHW/weYlNZJIGlKZBsCWoEIKfuL56VHKaBt04gLO/XK1/P3nHsp6pSc1x1uk1RRK7hSYUjCY5G/hcpBBjFv74dICDI=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*..
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5312
                                                                                                                                                                                                                                                                          Entropy (8bit):5.236610028039868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:xFQkJa2VbRxnLc2KBhA6tsxODsR0o6QkUk55nANUv:xal2xrnLX6tsxPR0o7kUk55X
                                                                                                                                                                                                                                                                          MD5:0FB7B0DF9E2D96FACA1C95337AF2AB9B
                                                                                                                                                                                                                                                                          SHA1:67DB2DE07E486F10ADA36574C3140A0A4EF90E11
                                                                                                                                                                                                                                                                          SHA-256:E9E0766AD7F691E247E2BA4521AD71ECD5F662A2BECA2641E2102D359EBC86F6
                                                                                                                                                                                                                                                                          SHA-512:6CC111D68E5583DC714FD5ACDB5E816EC79BD499F7EBF2CE2061A59A1968E30E649E95400E456D1E31842533491C017C578E2B0E3196954281677D9990ABAE38
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Build: slava..Version: 1.3....Date: Wed Jan 17 15:38:27 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 78ea00bf820736f17d5b14d4039e730b....Path: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe..Work Dir: C:\Users\user\AppData\Local\Temp\jobA35ChgbrP9t4O8b....IP: 154.16.192.193..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 445817..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 17/1/2024 15:38:27..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [332]..csrss.exe [420]..wininit.exe [496]..csrss.exe [504]..winlogon.exe [564]..services.exe [632]..lsass.exe [640]..svchost.exe [752]..fontdrvhost.exe [780]..
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4897
                                                                                                                                                                                                                                                                          Entropy (8bit):2.518316437186352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                                                                                                          MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                                                                                                          SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                                                                                                          SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                                                                                                          SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1060
                                                                                                                                                                                                                                                                          Entropy (8bit):5.999391385907715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:KauS79Gr4iSllJALQZ73auS79Gr4iSllJALQZ7c:KauS7GAfJUu73auS7GAfJUu7c
                                                                                                                                                                                                                                                                          MD5:C0ADF7485C183F86B6E5146BBCAD794B
                                                                                                                                                                                                                                                                          SHA1:1F31AF65C794F1C146C90F710035734C2D309AE6
                                                                                                                                                                                                                                                                          SHA-256:B9DE707D979A9939290146CBFD7769E6121A43BCCF04ED0731C6108F47577CE6
                                                                                                                                                                                                                                                                          SHA-512:E23D818BC20E47A8183F4B6AA2CE79B72CFF805ACC6BAAFCB009F372FD8F498522340EEC54621A8A219A8DCE019308137774ABFC35AE15941869B85BA7FA8085
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.google.com.FALSE./.TRUE.1699018815.1P_JAR.ENC893*_djEwmUj/dRHWNmfhbTB/w+u3HcpAF49UGcxvovgmz9ye9OQyJO9KCFHkRm8=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*...google.com.TRUE./.TRUE.1712238015.NID.ENC893*_djEwFCqquAx+Q1mLxpuZeEBJZSgzAt4Ngo/HHXcYPxMGINXG0MJzCe/y7m5VzpUyfsA6ingOdNobTvWP/YbKYpzg64nmGlCjRU9RpPIjDAuAxGlp5MTMUaOP4iC8aSCuijjqDE5gAdZQ5Jgb0/uEAZ4ssWGDsxXJbqpGbi04viYfPDhBfQ9XKXznqtHW/weYlNZJIGlKZBsCWoEIKfuL56VHKaBt04gLO/XK1/P3nHsp6pSc1x1uk1RRK7hSYUjCY5G/hcpBBjFv74dICDI=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*...google.com.FALSE./.TRUE.1699018815.1P_JAR.ENC893*_djEwmUj/dRHWNmfhbTB/w+u3HcpAF49UGcxvovgmz9ye9OQyJO9KCFHkRm8=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*...google.com.TRUE./.TRUE.1712238015.NID.ENC893*_djEwFCqquAx+Q1mLxpuZeEBJZSgzAt4Ngo/HHXcYPxMGINXG0MJzCe/y7m5VzpUyfsA6ingOdNobTvWP/YbKYpzg64nmGlCjRU9RpPIjDAuAxGlp5MTMUaOP4iC8aSCuijjqDE5gAdZQ5Jgb0/uEAZ4ssWGDsxXJbqpGbi04viYfPDhBfQ9XKXznqtHW/weYlNZJIGlKZBsCWoEIKfuL56VHKaBt04gLO/XK1/P3nHsp6pSc1x1uk1RRK7hSYUjCY5G/hcpB
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5123
                                                                                                                                                                                                                                                                          Entropy (8bit):5.225380007717769
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:xFQXFbRxuc2KBhA6tsxODsR0o6QkUk55ve:xaxruX6tsxPR0o7kUk552
                                                                                                                                                                                                                                                                          MD5:65A09A6416391A67E44571BF716BBC7A
                                                                                                                                                                                                                                                                          SHA1:51FF9850EDEE585B78424B6AE19EF675F3DAB7EF
                                                                                                                                                                                                                                                                          SHA-256:AC96FC19870CD9E9629FA29F88429FFD16877A9AFA4B63B56A1B1BDDDDD1B638
                                                                                                                                                                                                                                                                          SHA-512:59F3991BAD28BC2211EEBE3EB5655A374143B3069E1D40E97B24AD37C15076EF43E298540814842C12FD0A0E50A9A9452F13454ECD26CFDCE4B4D97B5712AB6F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Build: slava..Version: 1.3....Date: Wed Jan 17 15:38:31 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 78ea00bf820736f17d5b14d4039e730b....Path: C:\ProgramData\MPGPH131\MPGPH131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\jobA3Du8Ilqds2PLDa....IP: 154.16.192.193..Location: US, New York City..Windows: Windows 10 Pro [x64]..Computer Name: 445817..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 17/1/2024 15:38:31..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [332]..csrss.exe [420]..wininit.exe [496]..csrss.exe [504]..winlogon.exe [564]..services.exe [632]..lsass.exe [640]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvhost.exe [788]..svchost.exe [872]..
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4897
                                                                                                                                                                                                                                                                          Entropy (8bit):2.518316437186352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                                                                                                                                                          MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                                                                                                                                                          SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                                                                                                                                                          SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                                                                                                                                                          SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                                                                          Entropy (8bit):0.03859996294213402
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                                                                                                          MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                                                                                                          SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                                                                                                          SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                                                                                                          SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):155648
Entropy (8bit):0.5407252242845243
Encrypted:false
SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:7B955D976803304F2C0505431A0CF1CF
SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):20480
Entropy (8bit):0.8439810553697228
Encrypted:false
SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):155648
Entropy (8bit):0.5407252242845243
Encrypted:false
SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:7B955D976803304F2C0505431A0CF1CF
SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:dropped
Size (bytes):196608
Entropy (8bit):1.121297215059106
Encrypted:false
SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:D87270D0039ED3A5A72E7082EA71E305
SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):916480
Entropy (8bit):6.5771729236320695
Encrypted:false
SSDEEP:12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2TM:tqDEvCTbMWu7rQYlBQcBiT6rprG8aOM
MD5:D70733214C957E72E8C5A305B0BBC7D7
SHA1:1305DB28577661761E28815E979662A9338B7CC7
SHA-256:5438AD0E2FED7F526C0DD667AA6FA0DF640E8F9896397D7FB8B41E6084F72BA8
SHA-512:4A135951584165BFBCAAE183455F31D4BFBB8D9F22757E65BF098AF801EE63069F0C1332C099696024C5B00D41975F748E6CAF85F279D7D5BAE423EF2AE92EFC
Malicious:true
Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):159744
Entropy (8bit):0.5394293526345721
Encrypted:false
SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:52701A76A821CDDBC23FB25C3FCA4968
SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:false
Process:C:\ProgramData\MPGPH131\MPGPH131.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):98304
Entropy (8bit):0.08235737944063153
Encrypted:false
SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                                                                          Entropy (8bit):0.03859996294213402
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                                                                                                          MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                                                                                                          SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                                                                                                          SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                                                                                                          SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):916480
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5771729236320695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:tqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2TM:tqDEvCTbMWu7rQYlBQcBiT6rprG8aOM
                                                                                                                                                                                                                                                                          MD5:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          SHA1:1305DB28577661761E28815E979662A9338B7CC7
                                                                                                                                                                                                                                                                          SHA-256:5438AD0E2FED7F526C0DD667AA6FA0DF640E8F9896397D7FB8B41E6084F72BA8
                                                                                                                                                                                                                                                                          SHA-512:4A135951584165BFBCAAE183455F31D4BFBB8D9F22757E65BF098AF801EE63069F0C1332C099696024C5B00D41975F748E6CAF85F279D7D5BAE423EF2AE92EFC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                                                                          Entropy (8bit):0.03859996294213402
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                                                                                                                                                          MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                                                                                                                                                          SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                                                                                                                                                          SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                                                                                                                                                          SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                          MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                          SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                          SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                          SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1390080
                                                                                                                                                                                                                                                                          Entropy (8bit):7.982755266283964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:ZWSSNkObNBRORlgCtFei1cgGdnlz7p1IsKmZlZw8rVKI2AAFqUcv:YSpORBRKZMaD6DqsKAzw8pKGAFRk
                                                                                                                                                                                                                                                                          MD5:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          SHA1:66E3B7B8580DD5004A5449B69F65B4946C628374
                                                                                                                                                                                                                                                                          SHA-256:CAD6CF5A3F2A7B3CDB9E0E9FCB99F493E7C209B378868E4CA0D06CC64340B8B6
                                                                                                                                                                                                                                                                          SHA-512:0546211CD4DA795B7F492A53BFA2743B67D7BAEADD61FA4D96A948EF04046A910C9EBF2D9D6AC39E7F6D4F444E24FF2202BD72926B0143E74BC40913876B133B
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8439810553697228
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                                                                                                                                                          MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                                                                                                                                                          SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                                                                                                                                                          SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                                                                                                                                                          SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                          Entropy (8bit):1.121297215059106
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                                          MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                                                                                                                                                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                                                                                                                                                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                                                                                                                                                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:modified
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):13
Entropy (8bit):2.7192945256669794
Encrypted:false
SSDEEP:3:L6QtRc:Hfc
MD5:B6CE9D805A6C654007D8B8D594766025
SHA1:D21AD37C8734056CDAAC7901201E9CD2B1361D5D
SHA-256:BF2D44EB0FCEBBE9D91BE3527D362BE477478E3FD62869CB0DF9DC23B941D175
SHA-512:FACDFAD5F4CA8DEC644667DAB0BA937382A1DA8D747007D82F49FEAD3A9B63F38CD746253044E8B5AC1683FC91EED9607953B1BF21A5FD6448E87A8A4348787B
Malicious:false
Preview:1705508938339
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):104448
Entropy (8bit):6.38921269820025
Encrypted:false
SSDEEP:3072:MYHZ5o8D+sjrW2sosmrtuQRYKr77BUEYW0Z:McDoBkPsituQR5+W0Z
MD5:85AF6C99D918757171D2D280E5AC61EF
SHA1:BA1426D0ECF89825F690ADAD0A9F3C8C528ED48E
SHA-256:150FB1285C252E2B79DEA84EFB28722CC22D370328CEB46FB9553DE1479E001E
SHA-512:12C061D8FF87CDD3B1F26B84748396E4F56FC1429152E418988E042BC5362DF96A2F2C17BCF826D17A8BAE9045EE3BA0C063FB565D75C604E47009FF442E8C8E
Malicious:true
Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security
• Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 96%
Process:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):162
Entropy (8bit):4.621829903792328
Encrypted:false
SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
MD5:1B7C22A214949975556626D7217E9A39
SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
Malicious:false
Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3039791513851733
Encrypted:false
SSDEEP:24:xdfwUA4TIUx2dWoM15KLN8zmkdfwUA4swM+bpoqdWoM15KLFX1RgmCdfwUA46lV/:xdiBUgdwLz3diX6BdwNddiXadwP1
MD5:7FD01E9D0AE9E12DE5C1F8813F14DE88
SHA1:087C7E753FFE19AC5CE6A11FBE8F846B19CEB965
SHA-256:03EB78B42937E6B1078B1CF80C5C458845B06D6211D045FD7499B26475A93418
SHA-512:E014B6219E775EA7F751B103614034105022B2DEBAB9353D6A9047795115F5FDF7746B441343360143A036849AC1E190F554EA5AA64BD9E743DF9AB5CACC8DBE
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3039791513851733
Encrypted:false
SSDEEP:24:xdfwUA4TIUx2dWoM15KLN8zmkdfwUA4swM+bpoqdWoM15KLFX1RgmCdfwUA46lV/:xdiBUgdwLz3diX6BdwNddiXadwP1
MD5:7FD01E9D0AE9E12DE5C1F8813F14DE88
SHA1:087C7E753FFE19AC5CE6A11FBE8F846B19CEB965
SHA-256:03EB78B42937E6B1078B1CF80C5C458845B06D6211D045FD7499B26475A93418
SHA-512:E014B6219E775EA7F751B103614034105022B2DEBAB9353D6A9047795115F5FDF7746B441343360143A036849AC1E190F554EA5AA64BD9E743DF9AB5CACC8DBE
Malicious:false
                                                                                                                                                                                                                                                                          Preview:...................................FL..................F.@.. ...p..........7SI..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W1X.t............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W1X.t..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5488
                                                                                                                                                                                                                                                                          Entropy (8bit):3.3039791513851733
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:xdfwUA4TIUx2dWoM15KLN8zmkdfwUA4swM+bpoqdWoM15KLFX1RgmCdfwUA46lV/:xdiBUgdwLz3diX6BdwNddiXadwP1
                                                                                                                                                                                                                                                                          MD5:7FD01E9D0AE9E12DE5C1F8813F14DE88
                                                                                                                                                                                                                                                                          SHA1:087C7E753FFE19AC5CE6A11FBE8F846B19CEB965
                                                                                                                                                                                                                                                                          SHA-256:03EB78B42937E6B1078B1CF80C5C458845B06D6211D045FD7499B26475A93418
                                                                                                                                                                                                                                                                          SHA-512:E014B6219E775EA7F751B103614034105022B2DEBAB9353D6A9047795115F5FDF7746B441343360143A036849AC1E190F554EA5AA64BD9E743DF9AB5CACC8DBE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...................................FL..................F.@.. ...p..........7SI..........S...........................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W1X.t............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W1X.t..............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z............<.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 17 13:38:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2677
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9707856213149606
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8UdKT2iaHQidAKZdA19ehwiZUklqehGy+3:8Jbxdy
                                                                                                                                                                                                                                                                          MD5:5221614D46EC8F094F728FF0120F6049
                                                                                                                                                                                                                                                                          SHA1:10F81899B39360A76512F03B140846AB76CFFD64
                                                                                                                                                                                                                                                                          SHA-256:E28049792FD48A3D3B7A93022A681962AF96757DDD96952DD6D66C0E4CD23735
                                                                                                                                                                                                                                                                          SHA-512:17EDF8988D531AA17CC3089200DE95AC9849E2EB4284C6B465682F410A2B527F241868FBE4AFB32F3B69B284D737CC6E4A417D5B317B43D24B8744863B570947
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.@.. ...$+.,....fW..RI..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V1X.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V1X.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V1X.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V1X.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 17 13:38:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2679
                                                                                                                                                                                                                                                                          Entropy (8bit):3.988770562439509
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8NdKT2iaHQidAKZdA1weh/iZUkAQkqehNy+2:8KbD9QQy
                                                                                                                                                                                                                                                                          MD5:D454D4061D6A527BB8798F171466E820
                                                                                                                                                                                                                                                                          SHA1:C7E2FC601907B71209538FDC09A66E8429094E4A
                                                                                                                                                                                                                                                                          SHA-256:0486A17AAF485EC1A628AF4D279850DFE6C5A48CC9DCB137AC52A7BF8C6403EE
                                                                                                                                                                                                                                                                          SHA-512:286DC57C20EBB1DBC3E4D1917E1FC48DBC9D901FFED2565D04B54D8961A7031538A1D1250BEF457AC2AF8CCA483AAC530E8A1F9836C7D20B00289E00818ABEDB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.@.. ...$+.,........RI..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V1X.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V1X.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V1X.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V1X.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2693
                                                                                                                                                                                                                                                                          Entropy (8bit):4.000958824545558
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8xTdKT2isHQidAKZdA14tseh7sFiZUkmgqeh7sHy+BX:8xMbtnxy
                                                                                                                                                                                                                                                                          MD5:BE31B19EBDA8C005BEEC9E469418457D
                                                                                                                                                                                                                                                                          SHA1:426BBCD8F906EC7E36F1B3D1A30FD9F161696C15
                                                                                                                                                                                                                                                                          SHA-256:84BF21431734E381C5139A4B846C697C96B114247BD6CB494982CAB333292B32
                                                                                                                                                                                                                                                                          SHA-512:3628A9B004D1190826203CB80D55B63BC3F005B4C07E9E440526EDD415BC00318AB931B32E146A1C95A9CB235A6DDCE733424D5CE2244C5FFAD885AEC6391A5E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V1X.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V1X.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V1X.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 17 13:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2681
                                                                                                                                                                                                                                                                          Entropy (8bit):3.985280301904067
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8xdKT2iaHQidAKZdA1vehDiZUkwqehJy+R:8mbgfy
                                                                                                                                                                                                                                                                          MD5:1BFCDE5567F6A8E58875B6C791FC79CF
                                                                                                                                                                                                                                                                          SHA1:3B9C9257AA1FC1D462340C64FDAD79FAD4053354
                                                                                                                                                                                                                                                                          SHA-256:F680BCB5CD45D2C9876A037FB9F5D7BD7E2BC4981E7B1745CB8D753994BB3BB7
                                                                                                                                                                                                                                                                          SHA-512:92E70E12092C79D4781F48DC3DB4C5723EA9C281E3CDC65DA90AE4232EC27F56FEBB7875DD28369E922FAFEA4B0CE0148F66E42C405478E17C6AB6D869C1904B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.@.. ...$+.,.....y..RI..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I1X.t....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V1X.t....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V1X.t....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V1X.t..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V1X.t...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 17 13:38:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2681
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9767382160167832
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8AdKT2iaHQidAKZdA1hehBiZUk1W1qehLy+C:8NbA9ry
                                                                                                                                                                                                                                                                          MD5:32817AF84CAA566CD5642B3454082CD1
                                                                                                                                                                                                                                                                          SHA1:007D0BA62DDAB4DF8F81DA15E246CF71DA218672
                                                                                                                                                                                                                                                                          SHA-256:B5A63746F3DC2EB1658E50DFC2776628391D13A07601F4C4976DAF078375B114
                                                                                                                                                                                                                                                                          SHA-512:376896F3B61999C6A5E9A131009D6994C700006C4E15946684A2BBB120479A1CE9DED71968B5F473197AB539E71BF111BBDD8F1A8DED7C244D01B2B232B34A1E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 17 13:38:39 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2683
                                                                                                                                                                                                                                                                          Entropy (8bit):3.984999325813927
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:8HudKT2iaHQidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8HnbOT/TbxWOvTbxy7T
                                                                                                                                                                                                                                                                          MD5:0CE2CAE4932F9471A0C47A4B06D632B5
                                                                                                                                                                                                                                                                          SHA1:023F19B34C8CD1998D0FAF3523D41BE3F6B69171
                                                                                                                                                                                                                                                                          SHA-256:ECA3CC2B51A177C0C0AAA7B6C3D6B110B5EAA08896D6094DF257E6E9E64B5BDA
                                                                                                                                                                                                                                                                          SHA-512:294A388E2603DE7D4286979FD8B2D8D668594FDD492B2092B5DCEF2BA0D0A285CE8A5747465C239FCFA005BC8EA2B33F9F7617D2AA11E793E04C9E7E53F4EDD7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                                                                                                                          Entropy (8bit):4.927330784173751
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNTq9PfxE:8S+OVPUFRbOdwNIOdYpjvY1Q6LMqNf8P
                                                                                                                                                                                                                                                                          MD5:6519E4A3D403B8D91DF54886964EE99F
                                                                                                                                                                                                                                                                          SHA1:825AF4F00BE9E684CCAAEE7B275E2355A45FF19A
                                                                                                                                                                                                                                                                          SHA-256:7FA15AFE7F11388474D4869FF5E83052EF3970C6C96E380EEC60F30565986A8E
                                                                                                                                                                                                                                                                          SHA-512:7FF6691586386CF7D52B501C2A1E951D95AE375015A890B1C4DD19724BABF73728BE6A3A03935304AF62321DFDB91DB6B37D76493B5EE808B84E25839D381F46
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3621
                                                                                                                                                                                                                                                                          Entropy (8bit):4.927330784173751
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNTq9PfxE:8S+OVPUFRbOdwNIOdYpjvY1Q6LMqNf8P
                                                                                                                                                                                                                                                                          MD5:6519E4A3D403B8D91DF54886964EE99F
                                                                                                                                                                                                                                                                          SHA1:825AF4F00BE9E684CCAAEE7B275E2355A45FF19A
                                                                                                                                                                                                                                                                          SHA-256:7FA15AFE7F11388474D4869FF5E83052EF3970C6C96E380EEC60F30565986A8E
                                                                                                                                                                                                                                                                          SHA-512:7FF6691586386CF7D52B501C2A1E951D95AE375015A890B1C4DD19724BABF73728BE6A3A03935304AF62321DFDB91DB6B37D76493B5EE808B84E25839D381F46
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5308
                                                                                                                                                                                                                                                                          Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                          MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                          SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                          SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                          SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5308
                                                                                                                                                                                                                                                                          Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                          MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                          SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                          SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                          SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                          Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):262144
                                                                                                                                                                                                                                                                          Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                          MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                          SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                          SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                          SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):33288
                                                                                                                                                                                                                                                                          Entropy (8bit):0.30907403782235016
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:7+tF+6LCvwae+Q8Uu50xj0aWe9LxYkKA25Q5k:7MF+6awae+QtMImelekKDa5k
                                                                                                                                                                                                                                                                          MD5:DDBB55B3E383A67E1CC8C404F6EFECCB
                                                                                                                                                                                                                                                                          SHA1:A713C6577CF4EA8C25C7B660C73CB93C457FBBE7
                                                                                                                                                                                                                                                                          SHA-256:A9258B6F5B94035ABD922609105C633794F3E1136E17196015A3609FF84367AD
                                                                                                                                                                                                                                                                          SHA-512:774566FF4C2A500FE02135D43066F481BD5E5EAB369BD7E73B80027B5F2ED8C53BA305BB7120D13E08CCAB9F28818F2FD0729EB3CCF15128AB4F57F14194FD99
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                                          Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):47189
                                                                                                                                                                                                                                                                          Entropy (8bit):5.256846807295682
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:J0RE7dUbnMfDhbgnnl2LovEwIErU3NhnzFSJX0d:qqZgMLmnh8ErU3NhnzFSJO
                                                                                                                                                                                                                                                                          MD5:55AE6821BBCD4A50CB8F16B454D788A0
                                                                                                                                                                                                                                                                          SHA1:FE47D5C422C6FB18564550223B905170F143670A
                                                                                                                                                                                                                                                                          SHA-256:8E5A334D8EA406CEF26992DD889488419685FAE61D4783C65F6AB5D2378D032A
                                                                                                                                                                                                                                                                          SHA-512:C0CD1194E7A5390A06920C33BDD8EA8D55A6549BABA56B01CDDE6E7F20D18DBBC4A6ADDDFCB2C1B614EFEF1E188E6DA37A5C822ED908CE6B172CB9BCD33A150B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"type":"main","id":"1912b4c9-96d5-4fb5-a302-32ddf7aaadb1","creationDate":"2024-01-17T16:30:09.311Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":13299,"start":6615133,"main":6615578,"selectProfile":6615590,"afterProfileLocked":6615594,"startupCrashDetectionBegin":6618989,"startupCrashDetectionEnd":6681824,"firstPaint":6623816,"firstPaint2":6621347,"sessionRestoreInit":6619220,"sessionRestored":6624587,"createTopLevelWindow":6616757,"blankWindowShown":13233860,"AMI_startup_begin":13233906,"XPI_startup_begin":13233961,"XPI_bootstrap_addons_begin":13233970,"XPI_bootstrap_addons_end":13233995,"XPI_startup_end":13233995,"AMI_startup_end":13233996,"XPI_finalUIStartup":13234091,"sessionRestoreInitialized":13234170,"delayedStartupStarted":13239137,"delay
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 493 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):444
                                                                                                                                                                                                                                                                          Entropy (8bit):5.611083099599678
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:v05FgRUvgZgHMVHkUHW/nBeBlSsoezv91uHmHT+hAvxn:vMvrGkr5eBlxF9wHnWvx
                                                                                                                                                                                                                                                                          MD5:1E78E7A20D2BF65714A414611DAD593F
                                                                                                                                                                                                                                                                          SHA1:A56C9039EEBFE92E3587AA6931BA86121E29E56C
                                                                                                                                                                                                                                                                          SHA-256:C943DFB26E39A6CA00B09FF0F067E79DD3494612F16E8D7A579A1608C53262DE
                                                                                                                                                                                                                                                                          SHA-512:4078F8CDAB3B5E08ECA8ABE4C64535BC887EF74189B3FFEE014C173EA33B190E11D30EB726252468BB8E2E72128DDD3D4BF02EEA53027B417920B89A387F57CC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozLz40......k{"type":"health","id":"ec86b523-1b57-4c6f-a649-8e603818af4e","creationDate":"2024-01-17T16:30:09.476Z","version":4,"applic9...":{"architectur....x86-64","buildI....20230927232528","nam+.xFirefox_..."118.0.1","displayVz......vendor":"Mozilla","platform/...xpcomAbi..._64-msvc....hannel":"release"},"payload.. os.....ZWINNT..00.02.@reas..."immediat\..sendFail....{"eUnreachable":1}},"client"...1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6429
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3656334234817304
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:PrzL2IkGK1EMQzXSSF9nbkW6cS7yhm21P/PmHpO1:HZX9vnbocSWh/1PmJg
                                                                                                                                                                                                                                                                          MD5:32FAFC2FF7779668A33E34B9A2E682C6
                                                                                                                                                                                                                                                                          SHA1:5F6AD489CA6D0941435970F18742D83B24AFABFA
                                                                                                                                                                                                                                                                          SHA-256:BA9D787DE2C731596D77657E9F8A596C1A686E404B8E62051C121E7D2CE2FE02
                                                                                                                                                                                                                                                                          SHA-512:96BD6F2B7358AF9F82293D431F1D73C07ADA492480A8C263F9C676BCF48D3D248C3DB2735868D16CBDD8A3876DBB861A4335D0323E22FA12F166C63B446FA971
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.................ping.....................user....................glean_client_info#client_id9........0...........$.......d6eabfd9-e659-41c7-a9da-1a0be7949be6 .......glean_client_info#first_run_date<........3...........#.......2023-10-04T14:40:31.477863700+01:00....%.......glean_internal_info#baseline#sequence.........................".......glean_internal_info#baseline#start<........3...........#.......2024-01-17T17:32:43.634768200+01:00............glean_internal_info#dirtybit......................#.......glean_internal_info#events#sequence......................... .......glean_internal_info#events#start<........3...........#.......2024-01-17T17:32:43.773513600+01:00....-.......glean_internal_info#messaging-system#sequence.........................*.......glean_internal_info#messaging-system#start<........3...........#.......2024-01-17T17:29:47.083092900+01:00....$.......glean_internal_info#metrics#sequence.........................!.......glean_internal_info#metrics#start<........3....
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Matlab v4 mat-file (little endian) g, rows 0, columns 1025
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):6429
                                                                                                                                                                                                                                                                          Entropy (8bit):4.3656334234817304
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:PrzL2IkGK1EMQzXSSF9nbkW6cS7yhm21P/PmHpO1:HZX9vnbocSWh/1PmJg
                                                                                                                                                                                                                                                                          MD5:32FAFC2FF7779668A33E34B9A2E682C6
                                                                                                                                                                                                                                                                          SHA1:5F6AD489CA6D0941435970F18742D83B24AFABFA
                                                                                                                                                                                                                                                                          SHA-256:BA9D787DE2C731596D77657E9F8A596C1A686E404B8E62051C121E7D2CE2FE02
                                                                                                                                                                                                                                                                          SHA-512:96BD6F2B7358AF9F82293D431F1D73C07ADA492480A8C263F9C676BCF48D3D248C3DB2735868D16CBDD8A3876DBB861A4335D0323E22FA12F166C63B446FA971
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.................ping.....................user....................glean_client_info#client_id9........0...........$.......d6eabfd9-e659-41c7-a9da-1a0be7949be6 .......glean_client_info#first_run_date<........3...........#.......2023-10-04T14:40:31.477863700+01:00....%.......glean_internal_info#baseline#sequence.........................".......glean_internal_info#baseline#start<........3...........#.......2024-01-17T17:32:43.634768200+01:00............glean_internal_info#dirtybit......................#.......glean_internal_info#events#sequence......................... .......glean_internal_info#events#start<........3...........#.......2024-01-17T17:32:43.773513600+01:00....-.......glean_internal_info#messaging-system#sequence.........................*.......glean_internal_info#messaging-system#start<........3...........#.......2024-01-17T17:29:47.083092900+01:00....$.......glean_internal_info#metrics#sequence.........................!.......glean_internal_info#metrics#start<........3....
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1154
                                                                                                                                                                                                                                                                          Entropy (8bit):4.637587199177232
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YSGMJtTgcIDX+tm1pDX+t1deDftmdHbDftqVdHn:Y//cIKyKQTubToLn
                                                                                                                                                                                                                                                                          MD5:DE07297C435CFEF6FB83FE4765D01893
                                                                                                                                                                                                                                                                          SHA1:334C7DEB77C3BA27EB73323DA49F3D1A165E00D4
                                                                                                                                                                                                                                                                          SHA-256:F0E6CB25F94746F7D27127BC2426A16168C347D3A4120272EF37A75DE7B2D0E8
                                                                                                                                                                                                                                                                          SHA-512:93556CDA8AAD8AD25AC073330DD9D056DC052BBB354DD4773C1410CBC20E1C5C12A72FD00802C57917F3FF814CA31E23C1AF5D3C7249FDA544169497609E86D3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"timestamp":22603,"category":"nimbus_events","name":"enrollment","extra":{"enrollment_id":"e3d881d7-090e-4889-b490-6f6306679ffe","experiment_type":"rollout","experiment":"extensions-migration-in-import-wizard-116-rollout","branch":"control"}}.{"timestamp":29556,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers","feature":"accessibilityCache","reason":"invalid-feature"}}.{"timestamp":29556,"category":"nimbus_events","name":"validation_failed","extra":{"reason":"invalid-feature","feature":"accessibilityCache","experiment":"next-generation-accessibility-engine-powering-screen-readers-and-other-ats-copy"}}.{"timestamp":42628,"category":"nimbus_events","name":"validation_failed","extra":{"experiment":"next-generation-accessibility-engine-powering-screen-readers","reason":"invalid-feature","feature":"accessibilityCache"}}.{"timestamp":42628,"category":"nimbus_events","name":"validation_failed","extra":{"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1228
                                                                                                                                                                                                                                                                          Entropy (8bit):4.641781223249484
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:YSgDGMJtTgcIDX+tm1pDX+t1deDftmdHbDftqVdHn:YjS/cIKyKQTubToLn
                                                                                                                                                                                                                                                                          MD5:CB7A778D498AEC321C8E243CF59AF0EA
                                                                                                                                                                                                                                                                          SHA1:E5FE82FF96BB701AC5F3E1ED814173F084923AB6
                                                                                                                                                                                                                                                                          SHA-256:AA2D2299DADDF181FC37E3B3AEFAA4A6484CDFF16DA1B24675429F3BB4BB8177
                                                                                                                                                                                                                                                                          SHA-512:A0427ECFDC0198800C3FCF46C21A28D4811344FA8F165D98E9F1CD811533B8BAE8A998DE02662BC12579EF80B238CA23369F1612DE6E4CD6A5859607CE717EDC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2624)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2694
                                                                                                                                                                                                                                                                          Entropy (8bit):4.9289452236317635
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGmVN/u+JETHWSj+KfIJgwJ1oWLX+/rUkuyCGikoRGjTA+BIEAJIp7vokGMJtTg5:71umSaT/oWLuTUktTZg+VpLi/cZrU2op
                                                                                                                                                                                                                                                                          MD5:CD65F7C55F62ED6A523EB361C5DA59A1
                                                                                                                                                                                                                                                                          SHA1:610FBDF17E1B306B08E5E9F9CEDB457C7AA0F9F7
                                                                                                                                                                                                                                                                          SHA-256:9EC29990FF4EFB25A59851DAD71B8BBB18736664C367FCB9CB1F8FD23B159357
                                                                                                                                                                                                                                                                          SHA-512:A41EAD2CF0F8A091DEA4C7FBDA0F1FF7039B951D8F6BEFD4FA9E18275FE0DB18C519E70B04375AB339DE1659F2287F8CA8A96D4BE626119E5D9BB1076C1B30A9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1357)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1429
                                                                                                                                                                                                                                                                          Entropy (8bit):5.032149862396694
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGcL/P/oWLXJiWSj+KfIJgw+061++dBU7dMsAMj03iwGJ7vVwovSO:nLvoWLPSaTO0yZLUCM431mLHKO
                                                                                                                                                                                                                                                                          MD5:80AE6148E8E4F00F6E32402573049511
                                                                                                                                                                                                                                                                          SHA1:75F416A8A56352A06C42CA0629E738548D7F86C3
                                                                                                                                                                                                                                                                          SHA-256:6978CAC43A1C2B87708747F405C7EFF11E99A4F3529B4D56D42D3A67E7B9D522
                                                                                                                                                                                                                                                                          SHA-512:6B1B6E2FDC15779B41380108E58D439E5EE821A21E12C5EAF52992F49BE486AFC22021738DC921C38F2DE8EECBE3A985E8664B4344243DEB6A758456563CF865
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (9530)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9601
                                                                                                                                                                                                                                                                          Entropy (8bit):4.793496896998228
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:NS+Ra1dpTuewkfJiDy0mo2f6fo1wNjT95oIooTBLROC3ejwMIsG:N5zhuLIv
                                                                                                                                                                                                                                                                          MD5:82DE1B940670D67D22AA0FAE650362D5
                                                                                                                                                                                                                                                                          SHA1:5551A8C3DB391A15F06D4461924DB45868843B87
                                                                                                                                                                                                                                                                          SHA-256:B90115413F1251AF0954EE532AE11313E6CDE9547B819411CFA4F1FA8FD6A9E4
                                                                                                                                                                                                                                                                          SHA-512:B9A45C16C5081F5A74826C9F53A31DB416BD04294AC8BDA6328C4F33D6B178D5C3388937E07FDF157EBF06DCCDAC94D6B2CBEF68EAC97D91AFED8F8F788EC1DC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1376)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1456
                                                                                                                                                                                                                                                                          Entropy (8bit):5.095082454089942
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGq2JmJT/oWLXJA++dzWSjJnfIJgwJ1YUk7msAarlGjUDG7+pAkQKe4OaTSYjNF4:wmxoWL2ZYSi/YUk7+9gEoAkQoOaTjZ2
                                                                                                                                                                                                                                                                          MD5:5AEF803117FCD7C0E39CBA7F05B89FC2
                                                                                                                                                                                                                                                                          SHA1:4F8F56A2B50688B3695ACA573EDEDC2AF6C7E39A
                                                                                                                                                                                                                                                                          SHA-256:31B3843F407ACA3E03724F7611374EDCCD409541D2370C27386BE0D30387D647
                                                                                                                                                                                                                                                                          SHA-512:B2F7059F4709FEAE6ECD18A96EB4B490EEF6C0E9D67E82CE8A73AA2ECD63DD60CC0F8E281FCE5E641D99912966B76D605EECBAD712F7B104E598EB63D4952464
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1759)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1829
                                                                                                                                                                                                                                                                          Entropy (8bit):4.969730597435921
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGc24V/oWLX+RWSj+KfIJgwJ1YUkuyCGihoGjTAar+uXvAI0p7vokwTtmdZwTt1K:loWLuwSaT/YUktTighEspLURUl
                                                                                                                                                                                                                                                                          MD5:10851869D73E7BF6AF7307D80050BE93
                                                                                                                                                                                                                                                                          SHA1:A3BEA8CF04ACB65356E63CD93CB58D5709B001E7
                                                                                                                                                                                                                                                                          SHA-256:20DED3B5F0088363848C8BE912E3106D71E36AE9DE03519907FAC510B5E10A8F
                                                                                                                                                                                                                                                                          SHA-512:9909B57C8D4E4FCA10C508F355382EE9A54C0AB4FF2BEE122ABC1C537132C8AF6441D466182C59029EFBC0EF18534792C4C583E86189BAF6EDF9C54E88C9F668
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1394)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1474
                                                                                                                                                                                                                                                                          Entropy (8bit):5.115360638361872
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/messaging-system/1/8f9a59d9-7344-4129-b09b-0ee358c24ff7.{"ping_info":{"seq":9,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:29+01:00","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_display_version":"118.0.1","app_build":"20230927232528","os_version":"10.0","locale":"en-US","architecture":"x86_64","os":"Windows","app_channel":"release","windows_build_
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1386)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1458
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0303959986842335
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/baseline/1/cba6e952-ed13-4a0e-867c-e02daf979645.{"ping_info":{"seq":3,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:32+01:00","reason":"inactive","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-04+01:00","windows_build_number":19045,"app_channel":"release","os":"Windows","app_build":"202309
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):942
                                                                                                                                                                                                                                                                          Entropy (8bit):4.9828048040859745
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/newtab/1/dc7d98d8-0dca-4d30-990a-53b533be7f2f.{"ping_info":{"seq":6,"start_time":"2023-10-04T14:40+01:00","end_time":"2024-01-17T17:29+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"2023-10-04+01:00","build_date":"1970-01-01T00:00:00+00:00","locale":"en-US","app_channel":"release","architecture":"x86_64","app_display_version":"118.0.1","os":"Windows","os_version":"10.0","app_build":"20230927232528","windows_build_number":19045,"client_id":"d6eabfd9-e659-41c7-a9da-1a0be7949be6"},"metrics":{"boolean":{"topsites.sponsored_enabled":true,"pocket.is_signed_in":false,"pocket.sponsored_stories_enabled":true,"newtab.search.enabled":true,"pocket.enabled":true,"topsites.enabled":true},"quantity":{"topsites.rows":1},"string":{"newtab.newtab_category":"enabled","newtab.locale":"en-US","newtab.homepage_category":"enabled"},"string_list":{"newtab.blocked_sponsors":[]}}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2624)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2694
                                                                                                                                                                                                                                                                          Entropy (8bit):4.9289452236317635
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/events/1/10375f0f-2424-40bc-9d04-1d43cdb79358.{"ping_info":{"seq":2,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:32+01:00","reason":"inactive","experiments":{"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"first_run_date":"2023-10-04+01:00","build_date":"1970-01-01T00:00:00+00:00","client_id":"d6eabfd9-e659-41c7-a9da-1a0be7949be6","locale":
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1357)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1429
                                                                                                                                                                                                                                                                          Entropy (8bit):5.032149862396694
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/baseline/1/49c7bad5-5203-4e01-857e-1bf3679dfa77.{"ping_info":{"seq":2,"start_time":"2023-10-04T14:40+01:00","end_time":"2024-01-17T17:29+01:00","reason":"active","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652","type":"nimbus-rollout"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","os_version":"10.0","app_display_version":"118.0.1","app_channel":"release","architecture":"x86_64","locale":"en-US","os":"Windows","app_build":"20230927232528","firs
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (9530)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9601
                                                                                                                                                                                                                                                                          Entropy (8bit):4.793496896998228
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/metrics/1/6a3d5fd9-ad2a-40f7-8cd1-7c8805928182.{"ping_info":{"seq":0,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:29+01:00","reason":"overdue","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_build":"20230927232528","app_channel":"release","architecture":"x86_64","os":"Windows","locale":"en-US","app_display_version":"118.0.1","os_version":"10.0","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-04+01:00","client_id":"d6eabfd9-e659-41c7-a9da-1a0be7949be6","windows_build_number":19045},"metrics
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1376)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1456
                                                                                                                                                                                                                                                                          Entropy (8bit):5.095082454089942
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/messaging-system/1/8c642d41-5d07-4a04-9c95-3aa5f41f9892.{"ping_info":{"seq":8,"start_time":"2023-10-04T14:40+01:00","end_time":"2024-01-17T17:29+01:00","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652","type":"nimbus-rollout"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"app_channel":"release","architecture":"x86_64","os_version":"10.0","locale":"en-US","app_build":"20230927232528","os":"Windows","app_display_versi
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1759)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1829
                                                                                                                                                                                                                                                                          Entropy (8bit):4.969730597435921
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGc24V/oWLX+RWSj+KfIJgwJ1YUkuyCGihoGjTAar+uXvAI0p7vokwTtmdZwTt1K:loWLuwSaT/YUktTighEspLURUl
                                                                                                                                                                                                                                                                          MD5:10851869D73E7BF6AF7307D80050BE93
                                                                                                                                                                                                                                                                          SHA1:A3BEA8CF04ACB65356E63CD93CB58D5709B001E7
                                                                                                                                                                                                                                                                          SHA-256:20DED3B5F0088363848C8BE912E3106D71E36AE9DE03519907FAC510B5E10A8F
                                                                                                                                                                                                                                                                          SHA-512:9909B57C8D4E4FCA10C508F355382EE9A54C0AB4FF2BEE122ABC1C537132C8AF6441D466182C59029EFBC0EF18534792C4C583E86189BAF6EDF9C54E88C9F668
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/events/1/8e03c6a5-4038-4824-b6a7-0094f9d22535.{"ping_info":{"seq":1,"start_time":"2023-10-04T14:40+01:00","end_time":"2024-01-17T17:29+01:00","reason":"startup","experiments":{"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","windows_build_number":19045,"first_run_date":"2023-10-04+01:00","build_date":"1970-01-01T00:00:00+00:00","client_id":"d6eabfd9-e659-41c7-a9da-1a0be7949be6","locale":"en-US","app_channel":"release","app_display_version":"118.0.1","app_build":"20230927232528","architecture":"x86_64","os_version":"10.0","os":"Windows"},"metrics"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1394)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1474
                                                                                                                                                                                                                                                                          Entropy (8bit):5.115360638361872
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGP8F/RJgw+061+JETRWLX+RWSjJnfxUzGjRlTAa1V7G7+pAkQ+K+7VYaSYTKLjr:x9vO0yBWLuwSzUiMU7EoAkQ+v7VYajTe
                                                                                                                                                                                                                                                                          MD5:6B68AB7E4BDC5319D9050AD8BA9FD565
                                                                                                                                                                                                                                                                          SHA1:109CD4B3E4504F17B0A610A5B35171568D4AE374
                                                                                                                                                                                                                                                                          SHA-256:FDE19D8FE827F34DD9C3C717D4C1E923CA40F1D474F7B169D017DFAE15570CEC
                                                                                                                                                                                                                                                                          SHA-512:77FFEB7CD29AAC0D4CABE4D2A4758A2A4E078C3C3F91A1E113D732C99A015321424CB28345BF44BC96813D541A7F311C76FF54C86D99012CE0E1CF6EABF1FC4F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/messaging-system/1/8f9a59d9-7344-4129-b09b-0ee358c24ff7.{"ping_info":{"seq":9,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:29+01:00","experiments":{"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe","type":"nimbus-rollout"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","type":"nimbus-rollout"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","app_display_version":"118.0.1","app_build":"20230927232528","os_version":"10.0","locale":"en-US","architecture":"x86_64","os":"Windows","app_channel":"release","windows_build_
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1386)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1458
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0303959986842335
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BGE/ClpWSj+Kf9WLX+1+JET0Jgw+0kU87mcjlTAUREGiwMrxa0wo+ip7vH:PHSa0WLu1gO0kU87F2q1MQo1pLH
                                                                                                                                                                                                                                                                          MD5:4728B5D3BA601D600C1CEE866676FD82
                                                                                                                                                                                                                                                                          SHA1:80CE3A150610AABBC2527FB0B12C15C161BC8090
                                                                                                                                                                                                                                                                          SHA-256:F12769020660F148F1F11F6E5FB11916BFB061BF3B570A1852C91ABC4E353543
                                                                                                                                                                                                                                                                          SHA-512:EF399821BBFFE49A3DB436BB788A3C886B6CF9C3159773768EA9AF0516342E1B8E33C24E5261C97EA84DFED94422F68C88B4E5937BFC8ED841EA04A8AE7A7210
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/baseline/1/cba6e952-ed13-4a0e-867c-e02daf979645.{"ping_info":{"seq":3,"start_time":"2024-01-17T17:29+01:00","end_time":"2024-01-17T17:32+01:00","reason":"inactive","experiments":{"csv-import-release-rollout":{"branch":"enable-csv-import","extra":{"type":"nimbus-rollout","enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b"}},"serp-ad-telemetry-rollout":{"branch":"control","extra":{"type":"nimbus-rollout","enrollmentId":"4fb599b7-2bfe-40fa-aec3-5b51dcdef652"}},"extensions-migration-in-import-wizard-116-rollout":{"branch":"control","extra":{"enrollmentId":"e3d881d7-090e-4889-b490-6f6306679ffe","type":"nimbus-rollout"}},"upgrade-spotlight-rollout":{"branch":"treatment","extra":{"type":"nimbus-rollout","enrollmentId":"3eec18fa-2067-4082-925e-9c8a7241148b"}}}},"client_info":{"telemetry_sdk_build":"53.2.0","build_date":"1970-01-01T00:00:00+00:00","first_run_date":"2023-10-04+01:00","windows_build_number":19045,"app_channel":"release","os":"Windows","app_build":"202309
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (872)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):942
                                                                                                                                                                                                                                                                          Entropy (8bit):4.9828048040859745
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:BG2fKeENLSgAU7guNklrfl49mHOVunsmG+cmjziqaea1GAO2OLNh589HmLIoRSf8:BGtN8UOsAU2Gjm3iwgGAOZLNh5iY0E
                                                                                                                                                                                                                                                                          MD5:D17F1AD786F7B055DC18931EBF67E475
                                                                                                                                                                                                                                                                          SHA1:45AF6DD109BD2AE0CB7A3063A0CB9703C2BE5936
                                                                                                                                                                                                                                                                          SHA-256:FD15D2DA82C50B65E9C3F80AF38FD13A24CC53F06C4045EEC7EC9CC1102D3C97
                                                                                                                                                                                                                                                                          SHA-512:52368EC87C6245FBAC7AC7948E06A2298232C34C58A6E807D18C9B7B0DCCE12A83CBE96F6FD7A7025CF1CE87985A8DE9367AA13408F40FBF170B98A3F8E0E61E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/submit/firefox-desktop/newtab/1/dc7d98d8-0dca-4d30-990a-53b533be7f2f.{"ping_info":{"seq":6,"start_time":"2023-10-04T14:40+01:00","end_time":"2024-01-17T17:29+01:00","reason":"component_init"},"client_info":{"telemetry_sdk_build":"53.2.0","first_run_date":"2023-10-04+01:00","build_date":"1970-01-01T00:00:00+00:00","locale":"en-US","app_channel":"release","architecture":"x86_64","app_display_version":"118.0.1","os":"Windows","os_version":"10.0","app_build":"20230927232528","windows_build_number":19045,"client_id":"d6eabfd9-e659-41c7-a9da-1a0be7949be6"},"metrics":{"boolean":{"topsites.sponsored_enabled":true,"pocket.is_signed_in":false,"pocket.sponsored_stories_enabled":true,"newtab.search.enabled":true,"pocket.enabled":true,"topsites.enabled":true},"quantity":{"topsites.rows":1},"string":{"newtab.newtab_category":"enabled","newtab.locale":"en-US","newtab.homepage_category":"enabled"},"string_list":{"newtab.blocked_sponsors":[]}}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):161
                                                                                                                                                                                                                                                                          Entropy (8bit):4.910777929517284
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YWAqKs5DMIcr2IclUDWGf6XRMfR9X9oHQSIWWRpzJA2aqnLJrja/H5C:YWAqf5gR2Ic2dyXqf9aQSyRVOanLFu/Q
                                                                                                                                                                                                                                                                          MD5:1FD1B0C2A74E220259E0DCCA0E9DF076
                                                                                                                                                                                                                                                                          SHA1:2D857004102BABCC83E5140387D687846E313ACD
                                                                                                                                                                                                                                                                          SHA-256:281803371CEF08C027F8E271627E960E99961686E1FFBB062CDFAECB9B166BCF
                                                                                                                                                                                                                                                                          SHA-512:E662C5475BFAA140D85FB60B2B5E5E3B3EC6827082A39BA1AEE352B82028EFC8A62FAEBC439B6EE2AB5AA47B47A297469AF96DC4E5BC762A1E83661D496B66FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"sessionId":"d5358840-9d95-46c9-9a6b-c7883f3c8863","subsessionId":"591a4a12-6a01-4ffb-b585-8aff8de47214","profileSubsessionCounter":3,"newProfilePingSent":true}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36830
                                                                                                                                                                                                                                                                          Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                          MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                          SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                          SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                          SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1021904
                                                                                                                                                                                                                                                                          Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):116
                                                                                                                                                                                                                                                                          Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.038370694754926785
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:GHlhV63Vkqn8STkUmwW/HlhV63Vkqn8STkUmw1il8a9//Ylll4llqlyllel4lt:G7V6R8gkUmB7V6R8gkUmQGL9XIwlio
                                                                                                                                                                                                                                                                          MD5:A60DB6AB90C75D6455420CB06ED37ACF
                                                                                                                                                                                                                                                                          SHA1:98FF0418346277888E3060FDD789260C3B8DCEB2
                                                                                                                                                                                                                                                                          SHA-256:5305DFE1AF09E8B2680A20DBD585EBFA8881EC4FF469C3366188844579A4F359
                                                                                                                                                                                                                                                                          SHA-512:FAAF6609D6ACC90094C2278DB648FA59202EF1C7DED78E3D74CE724BBD1109A4056ED3A536C18CC42E79CC0BA940B3CCD62117CC94DACFB26ECF02B9A11AABD0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):163992
                                                                                                                                                                                                                                                                          Entropy (8bit):0.13368933425993695
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:KGzQfkhFLxsZ+wmBy2zxsMlCXsMzqCFZ7pCF6C5WUCuSCCQE/HaaKCc7RCGOxsay:RQMtQcy2VJCXs4qLWeJa1Vya0WaaZk
                                                                                                                                                                                                                                                                          MD5:576DD7094ABEFD152F39BD6B0DE8E37B
                                                                                                                                                                                                                                                                          SHA1:35A79828CA5F22F5E9C697C197A56E175A6D2243
                                                                                                                                                                                                                                                                          SHA-256:63B1A1A918D5BE521639FB7986C0F4C152B40F1272C4B15C00B2AC8DB4D18274
                                                                                                                                                                                                                                                                          SHA-512:E7FB9E6E6FFAEB8EB929CB4B5FFCA36251E20B34D5A48A19AAE83BF70E7CC77BEB4BAD128EBD8082111C88C27885FCA473270CDE318C9704CC80F43BDFE8B7AE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):13187
                                                                                                                                                                                                                                                                          Entropy (8bit):5.479752018168772
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:0nPOeRnLYbBp61J0aX+D6SEXK37NZM5RHWNBw8dKSl:WDe8JUGqhOHEwR0
                                                                                                                                                                                                                                                                          MD5:D0B7754D918A13055FB7C258D9B58DCD
                                                                                                                                                                                                                                                                          SHA1:9671F22F91D5C8ED571250AAF5A5D73D15822FE2
                                                                                                                                                                                                                                                                          SHA-256:1C37C4B18E338E7C5B43DFA4265D646B641454DF773D45EC4FCCC8083E2302A9
                                                                                                                                                                                                                                                                          SHA-512:BC2DE8E1C5D565F0FB5862D5FFB7A4CA56E732A7E9F12AA8E7FB7987992BDCDD5A3EFC594BD7EFFCBA659FB3F4D8F6DABEBF57C7BC461492DDA4B94FCF830D20
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1705508975);..user_pref("app.update.lastUpdateTime.background-update-timer", 1705508975);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1705508975);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 169642
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                                          Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                          MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                          SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                          SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                          SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):33288
                                                                                                                                                                                                                                                                          Entropy (8bit):0.08316507793616935
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:7+/l2gtBl/lquN1P4BEJYqWvLue3FMOrMZ06:7+t26Bl/ZnjfJiFxMZ1
                                                                                                                                                                                                                                                                          MD5:B716DBF2DF540248F8FF43D55B7CB061
                                                                                                                                                                                                                                                                          SHA1:26358D1DF76E38470C06804D75A49BA255A285C5
                                                                                                                                                                                                                                                                          SHA-256:7515F4CAEBE53CB1A9359267B642BBAD3829D45CE7084DAC5D38B4B3290C8234
                                                                                                                                                                                                                                                                          SHA-512:8EB82BF21C09A0041E2A6F2B971C576A3FF746921CABD49D7173C3BAC8651E7B1963B4C5D0ADCDB377EEC4B862730A670BE7431CE750A77076012947AA8E7C6A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):493
                                                                                                                                                                                                                                                                          Entropy (8bit):4.959738505456699
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YZFgRUvgZgHIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YVvrSlCOlZGV1AQIWZcy6ZXvx
                                                                                                                                                                                                                                                                          MD5:6F3FEE368FEA667FC91F63C0C46F144F
                                                                                                                                                                                                                                                                          SHA1:F5EEA3D70421363738754EC09319164884C46695
                                                                                                                                                                                                                                                                          SHA-256:E2FCB8B9AEF998C6132C13AD50E109EA1EA7F81427B530837F09DD1474AA2D11
                                                                                                                                                                                                                                                                          SHA-512:5856CF50701D6ADD22D9E9ABCF0A70EE6E5305153539D2D8E425C2FB80E17CC4FE07962B646C42E92BD7677B55EEAB4055699930BF0594C14449D7ECA9DA49A8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"type":"health","id":"ec86b523-1b57-4c6f-a649-8e603818af4e","creationDate":"2024-01-17T16:30:09.476Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):90
                                                                                                                                                                                                                                                                          Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:Mozilla lz4 compressed data, originally 7426 bytes
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1788
                                                                                                                                                                                                                                                                          Entropy (8bit):6.379390630429981
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:1pOhkxeUj02MvjyBk0yZMUI8mG5XBe8TQ2XtY3:R5MvjyCNZMy5XzFXg
                                                                                                                                                                                                                                                                          MD5:AE3208B335F0733F6DFF2F06615A61DF
                                                                                                                                                                                                                                                                          SHA1:598CE4338D959313029F55FA3FF6603CAD04AE80
                                                                                                                                                                                                                                                                          SHA-256:1EFFDA40D5177EFE8CA1350D01D6B7A77C43F1F43694168D226F2FECFB91927D
                                                                                                                                                                                                                                                                          SHA-512:0A84CCBC0AFDEA449EE413ADF9551418A8AD38E8847B7D48088E0A347D6186B12E47CFCC19B864C095C296E5408A3FAECF17F5AA3C616E2C0A48DE1C8406FDEE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://accounts.google.com/","title'....cacheKey":0,"ID":5,"docshellUU...D"{d18720ca-a6ff-470e-8b9d-34656c04ec05}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":6,"persist":true}],"lastAccessed":1705508970421,"hiddey..searchMode...userContextId...attributy..{},"index":1...questedI..p0,"imagr...chrome://global/skin/icons/warning.svg"},..X!19@......f258be0f-e8a0-4c4c-bb68-5e117b8baf66x...referrerInfo":"BBoSnxDOS9qmDeAnom1e0A...w..$EY.....0BAQ..oABAA==-.^.......O3405....20....cedfe65f-5190-416e-803f-aa5b771a340....2....9153443....2....850bb718-4174-41f8-ab8d-e532be9cd542\......o917094\...],"select6..4,"_closedT}.@],"_Y..C..`GroupCu..":-1,"busyW....PFlagsw..50633470....dth":1164,"height":891,"screenX{.....Y..Aizem..."normal"...BeforeMinimiz...#..workspace...98952893-68....a5d-a164-705c709ed3db","z...1G.....W...............4....1":{y.dUpdatew...9186477,"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                                                                                                          Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2592
                                                                                                                                                                                                                                                                          Entropy (8bit):0.4499060162182437
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:7FEG2l7kqvvlVdlp/FlL/l2kJtnktd3/CMRgSEBtl/g/vVltllkNhXXCn:7+/l7Tvl3/hctd/pgvBtl4/cHCn
                                                                                                                                                                                                                                                                          MD5:A11CB790DC2440F9DB09E351E11E4F1C
                                                                                                                                                                                                                                                                          SHA1:E5D02D9492615E8BEC8140675D6D5E584581531C
                                                                                                                                                                                                                                                                          SHA-256:0EE5335299DF96E1204A8D5DAAC562708FDFF9FD068931B9EE10746C96A5FF8E
                                                                                                                                                                                                                                                                          SHA-512:A79DD2BE1B652637303CD0A3417613B48EB4BDCC80EDA3A711BB4937487C5C1E34D7242A3717261B3243EA039B2D001CC480DF9205EF5E188E79CF8A10826FC9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.02060845394601122
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8ldjQ95ldjQltxR9//:G0dU7dMR9X
                                                                                                                                                                                                                                                                          MD5:DFB77F293664A7DF42D5C4A48621953F
                                                                                                                                                                                                                                                                          SHA1:D359AF2128D150E3C981A3692F39F48CD396820D
                                                                                                                                                                                                                                                                          SHA-256:1A3E4686FED32333621BCBC069D610731F9E62D2BDC42E8DAF0535BDF196007B
                                                                                                                                                                                                                                                                          SHA-512:AA2E7522CF4B8B6C537817F648297DD2CBEBB75D7358168900E9348397B47354C5D14BC5D75E05B50C0622AB021415117A1906236A6DDEC600115A746DF08AF5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4537
                                                                                                                                                                                                                                                                          Entropy (8bit):5.031841939532311
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:ycF3MTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:YTEr5NX0z3DhRe
                                                                                                                                                                                                                                                                          MD5:02BB89DEA97CD137FD39B1920D6F40B5
                                                                                                                                                                                                                                                                          SHA1:2786A0006F5E82DC43B7D1497232FEF18678F027
                                                                                                                                                                                                                                                                          SHA-256:2E1E70CB0601F73732CED26DAF4A90FEFE74EEFAB5EC576E61880DEB9E02D8A3
                                                                                                                                                                                                                                                                          SHA-512:77B5BF9DE322F2B5CDEA1BF518B4DBB3CEC9BC18C5236DABF798AE568B155B49391A5922BE6AF0BF04C4A0DF279E491450BD71A236409A3FD9639CC53E0729A7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-01-17T16:29:47.987Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):138
                                                                                                                                                                                                                                                                          Entropy (8bit):4.508320854687134
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YGNDhK6c2us1pNGHfYS8dJ8KgfHVEBQulvhJBAuqRrHvN+M4fHhY:YGNTG/SJ8Kgf1Epv54rH0vHhY
                                                                                                                                                                                                                                                                          MD5:3D077488383DEAFEC70CCB166831D6F9
                                                                                                                                                                                                                                                                          SHA1:86CEAB4DE0AA8937A5AB50CE230C8F8335687B04
                                                                                                                                                                                                                                                                          SHA-256:D7AD2ADEBD1FD25B9A749DF2AF8E8FC4185CBBDDF321C07D07FD34C240FDE8CE
                                                                                                                                                                                                                                                                          SHA-512:C70A8F7D761DAFA78F38335B4714376C1348C7C781E3D6C98E93481A3469EE5E34D3AA10F4D78C1C48C8CB5C903677E8A74A733299150F8EB3996A64979FF51B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"chrome://browser/content/browser.xhtml":{"main-window":{"sizemode":"normal","screenX":"4","screenY":"4","width":"1164","height":"891"}}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):159123
                                                                                                                                                                                                                                                                          Entropy (8bit):5.343210329703965
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:06JDeggr67IOESAGiUcClZ84GKueSnFGNrgZsIWBxZjbUO+gw00+RfG9BnxYQQ+X:/DJbLcCn8Mue/rws5BxzEKKGO
                                                                                                                                                                                                                                                                          MD5:2658A71229A5C3E6FA34B05C403EA394
                                                                                                                                                                                                                                                                          SHA1:8A1513E4530B8466702E48B0F9E8486B98A452C7
                                                                                                                                                                                                                                                                          SHA-256:116B38773E8B975F3404A0928A999967B33DD2688C933363319D70690081572C
                                                                                                                                                                                                                                                                          SHA-512:FF0AD0F86E7351121B88417C80CD7810271CFB393873B1EFA180C76BCA369332A9018C822ABDD58AC5178D82C103F4F259587E9730DE3551815AA59F8DE313A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/tl/6.4.65/patleaf.js
                                                                                                                                                                                                                                                                          Preview:if(!function(t){window.pako=t()}(function(){return function i(s,h,l){function o(e,t){if(!h[e]){if(!s[e]){var r="function"==typeof require&&require;if(!t&&r)return r(e,!0);if(_)return _(e,!0);r=new Error("Cannot find module '"+e+"'");throw r.code="MODULE_NOT_FOUND",r}r=h[e]={exports:{}};s[e][0].call(r.exports,function(t){return o(s[e][1][t]||t)},r,r.exports,i,s,h,l)}return h[e].exports}for(var _="function"==typeof require&&require,t=0;t<l.length;t++)o(l[t]);return o}({1:[function(t,e,a){"use strict";var n="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;a.assign=function(t){for(var e,a,n=Array.prototype.slice.call(arguments,1);n.length;){var r=n.shift();if(r){if("object"!=typeof r)throw new TypeError(r+"must be non-object");for(var i in r)e=r,a=i,Object.prototype.hasOwnProperty.call(e,a)&&(t[i]=r[i])}}return t},a.shrinkBuf=function(t,e){return t.length===e?t:t.subarray?t.subarray(0,e):(t.length=e,t)};var r={arraySet:function(t,e,a,n,r){if(e
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2636), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):153425
                                                                                                                                                                                                                                                                          Entropy (8bit):5.338453754150566
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:D1lZAT60MhmjGFhxx25lnl9bsPdVcTzWMayN3qxViIomeFANNfsfM6kQuOEmTMqe:708xx25/9b6dVcr9qVij4rUEoe
                                                                                                                                                                                                                                                                          MD5:E038A2667EF2220E2B9E585BCDE8FEBB
                                                                                                                                                                                                                                                                          SHA1:843C4C9BBEBF5999EE330D480335E2936D608D17
                                                                                                                                                                                                                                                                          SHA-256:F17E6E857C0DF2EEC9EC021F0A24DBB0FC9680835EAD3EE019C8DA3EA72AEF6B
                                                                                                                                                                                                                                                                          SHA-512:5268FE455C7DFB33F6383785B0936E1EA37195F14570C8F73D9C92524A6C78242B4706F2EA2438327B130466F2C52E928008010CD31F1E755A7DB85BDD5A8AD7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=4DiiZn7yIg4r&l=english
                                                                                                                                                                                                                                                                          Preview:..Steam = {...sm_bInitialized: false,...sm_bUserInClient: false,...sm_bUserInGameOverlay: false,...sm_bUserInTenfootBrowser: false,...sm_bUserInMobileChat: false,...sm_bUserInMobileApp: false,.....BIsUserInSteamClient: function()...{....if ( !Steam.sm_bInitialized ).....Steam.Init();......return Steam.sm_bUserInClient;...},.....BIsUserInGameOverlay: function()...{....if ( !Steam.sm_bInitialized ).....Steam.Init();......return Steam.sm_bUserInGameOverlay...},.....BIsUserInSteamTenfootBrowser: function()...{....if ( !Steam.sm_bInitialized ).....Steam.Init();......return Steam.sm_bUserInTenfootBrowser;...},.....BIsUserInClientOrOverlay: function()...{....if ( !Steam.sm_bInitialized ).....Steam.Init();......return Steam.sm_bUserInClient || Steam.sm_bUserInGameOverlay;...},.....BIsUserInSteamMobileChat: function()...{....if ( !Steam.sm_bInitialized ).....Steam.Init();......return Steam.sm_bUserInMobileChat;...},.....BIsUserInSteamMobileApp: function()...{....if ( !Steam.sm_bInitialized )...
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1819), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):86291
                                                                                                                                                                                                                                                                          Entropy (8bit):5.668738162284681
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:ONnreaPWZxrmucwoMf1abY1oB2n70HupuF8P+WaVgDYqiaiiP1rNUEs1H5T7EeEX:ltlDK/UnweoQj
                                                                                                                                                                                                                                                                          MD5:F07AC5042A25B73BAB23A861E2919C65
                                                                                                                                                                                                                                                                          SHA1:DA626F552B1D5B4BF81BD8DCE3FAB88BFB354F06
                                                                                                                                                                                                                                                                          SHA-256:AA1EF4FA621CFEB11ABC0EAB85E82D24371B940074BCDCF74E701B99335CA2A8
                                                                                                                                                                                                                                                                          SHA-512:CCA1050DCBF29F1DF91D635924808C01A1D5555F925A4325D2DCE8DCA01FF7C7BDE852DC266D54FF068F1CF47440BAB583D496CA01C0C5E09B46AD2AA1A4F7E2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/css/shared_global.css?v=8HrFBColtzur&l=english
                                                                                                                                                                                                                                                                          Preview::root {.../* System greys */...--gpSystemLightestGrey: #DCDEDF;...--gpSystemLighterGrey: #B8BCBF;...--gpSystemLightGrey: #8B929A;...--gpSystemGrey: #67707B;...--gpSystemDarkGrey: #3D4450;...--gpSystemDarkerGrey: #23262E;...--gpSystemDarkestGrey: #0E141B;...../* Store blue greys */...--gpStoreLightestGrey: #CCD8E3;...--gpStoreLighterGrey: #A7BACC;...--gpStoreLightGrey: #7C8EA3;...--gpStoreGrey: #4e697d;...--gpStoreDarkGrey: #2A475E;...--gpStoreDarkerGrey: #1B2838;...--gpStoreDarkestGrey: #000F18;...../* Gradients */...--gpGradient-StoreBackground: linear-gradient(180deg, var(--gpStoreDarkGrey) 0%, var(--gpStoreDarkerGrey) 80%);...--gpGradient-LibraryBackground: radial-gradient(farthest-corner at 40px 40px,#3D4450 0%, #23262E 80%);...../* Colours */...--gpColor-Blue: #1A9FFF;...--gpColor-BlueHi: #00BBFF;...--gpColor-Green: #5ba32b;...--gpColor-GreenHi: #59BF40;...--gpColor-Orange: #E35E1C;...--gpColor-Red: #D94126;...--gpColor-RedHi: #EE563B;...--gpColor-DustyBlue: #417a9b;...--gpColor-L
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2422)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2604
                                                                                                                                                                                                                                                                          Entropy (8bit):5.41356784619952
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:iIaELO1M3V75TLX/aAgDHmDQvBKcJJmxvljJohQzgcWWmR4:7ikDbAwO8JlEcWT4
                                                                                                                                                                                                                                                                          MD5:DFF9B90B11C4185CC8D1D6BC08C9006D
                                                                                                                                                                                                                                                                          SHA1:7623049B08048997BB062C98991C4AC6FCFA720C
                                                                                                                                                                                                                                                                          SHA-256:4EA8D60FC24D7C64B46D0B84DE545BF5118CA2C7CA4E029FDEBF09D4D1B4ADA4
                                                                                                                                                                                                                                                                          SHA-512:F92C7845FA813BC1B8C3FFAF7F2229738100E08DDC321A022AFB24AB110CA194BD223A8902228B95820A5A275417AB9954A38747063741192FC2BB1924A5E57A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.Typeahead~loader.AppModules~bundle.AudioSpaceDiscovery.d346df7a.js
                                                                                                                                                                                                                                                                          Preview:"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["shared~loader.Typeahead~loader.AppModules~bundle.AudioSpaceDiscovery"],{820604:(e,s,t)=>{t.d(s,{ZP:()=>v,UJ:()=>f});t(906886),t(136728);var o=t(202784),r=t(325686),i=t(973186),n=t(882392),u=t(645184),a=t.n(u),c=t(166927),l=t(801206),d=t(368547),p=t(766961),h=t(76687),b=t(348501),m=t(392160),g=t(157659);const q=(0,m.Z)().propsFromState((()=>({viewerUser:g.ZP.selectViewerUser}))).adjustStateProps((({viewerUser:e})=>({viewerUserScreenName:e?e.screen_name:void 0}))),w=a().b47e760e,y=a().fd2c7b44,_=new c.Z,f=e=>_.subscribe(e).unsubscribe;class S extends o.Component{constructor(...e){super(...e),this._bindKeyboardShortcuts=()=>{const{history:e,viewerUserScreenName:s}=this.props,t=(s,t={})=>e.push({pathname:s,state:{...t,source:"keyboard_shortcut"}}),o=e=>s=>{s.preventDefault(),_.getListeners().length?_.notify(e):t("/explore",{searchFocused:!0,searchPrefill:e})},r={[p.uq.labs.openComma
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 60 x 74, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1768
                                                                                                                                                                                                                                                                          Entropy (8bit):7.469918031802929
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:rgWxHFIKgxqhKC53xq23C45lnY7QY8yfr0s1lwGLO2b5:r1DikzRi4/nYf8It1qGLO2b5
                                                                                                                                                                                                                                                                          MD5:BD9F6CAD63928429769C472E04CE09BE
                                                                                                                                                                                                                                                                          SHA1:A56E7F9011663D919FC1E063AD2C0C0DF0D4D55D
                                                                                                                                                                                                                                                                          SHA-256:B3F1BF1D5E25838BCAD8535A2B700486644F4EA888E46C77D3E82783CB9DA1B4
                                                                                                                                                                                                                                                                          SHA-512:08D9481731CBCC1710ED73D3BA3A0711F74912086B0AFDF159880299F8D47D18B4B3FB2AA8AB643C1AE15C9B3A408D8F9ECDA39D69C8E8D8F511667813BF42BF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/images/shared/momgram@2x.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (3808)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3916
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2749567971703994
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:PMcABYAxCMaruyTOXPaJJccTMSeqdq9HVeGXlY:CDCM2RaSJJzASeIUHVS
                                                                                                                                                                                                                                                                          MD5:E0463BDE74EF42034671E53BCA8462E9
                                                                                                                                                                                                                                                                          SHA1:5EA0E2059A44236EE1E3B632EF001B22D17449F1
                                                                                                                                                                                                                                                                          SHA-256:A58147AEB14487FEF56E141EA0659AC604D61F5E682CFE95C05189BE17DF9F27
                                                                                                                                                                                                                                                                          SHA-512:1D01F65C6A00E27F60D3A7F642974CE7C2D9E4C1390B4F83C25C462D08D4AB3A0B397690169A81EACA08BEA3AEB55334C829AA77F0DBBAD8789ED247F0870057
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/modernizr-2.6.1.js
                                                                                                                                                                                                                                                                          Preview:/* Modernizr 2.6.1 (Custom Build) | MIT & BSD. * Build: http://modernizr.com/download/#-shiv-cssclasses. */.;window.Modernizr=function(a,b,c){function u(a){j.cssText=a}function v(a,b){return u(prefixes.join(a+";")+(b||""))}function w(a,b){return typeof a===b}function x(a,b){return!!~(""+a).indexOf(b)}function y(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:w(f,"function")?f.bind(d||b):f}return!1}var d="2.6.1",e={},f=!0,g=b.documentElement,h="modernizr",i=b.createElement(h),j=i.style,k,l={}.toString,m={},n={},o={},p=[],q=p.slice,r,s={}.hasOwnProperty,t;!w(s,"undefined")&&!w(s.call,"undefined")?t=function(a,b){return s.call(a,b)}:t=function(a,b){return b in a&&w(a.constructor.prototype[b],"undefined")},Function.prototype.bind||(Function.prototype.bind=function(b){var c=this;if(typeof c!="function")throw new TypeError;var d=q.call(arguments,1),e=function(){if(this instanceof e){var a=function(){};a.prototype=c.prototype;var f=new a,g=c.apply(f,d.concat(q.call(arguments)
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):16087
                                                                                                                                                                                                                                                                          Entropy (8bit):4.969826359236833
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:x32Mu4vUDjHbnZsXGWIS75sTY8M7ebb6qgrrY20jhN3MScuhJ05zb5jzCF+MlF+8:x32L4kzt3gtGb5LQqha31iUTSiq5N
                                                                                                                                                                                                                                                                          MD5:72938851E7C2EF7B63299EBA0C6752CB
                                                                                                                                                                                                                                                                          SHA1:B75196BD3A6F9F4DFC1BBF5E43E96874BCD9CE4E
                                                                                                                                                                                                                                                                          SHA-256:E2D4E0E1D3E162FDC815F16DFFF9AE9B0A967949F0F3AE371F947D730A3F0661
                                                                                                                                                                                                                                                                          SHA-512:2BB6C03A1335EF9514D0D172A4284D82A29D1783A72306BDCB8AF3185D5CD2FF16303355AA4B05086D2FA0B5B7C7159CFA67DE4A6175095FF0E68ADEC2A56AC1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                                                                                                                                                                                                                                                                          Preview:/* Requires jQuery.. *.. * This plugin will create div.jsTooltip elements (or configure your own!) in body for every tooltip on the page. Some.. * basic CSS is applied automagically, but you'll want to style it on your own from there. This code will be applied to.. * every element in your .v_tooltip() selector, so giving it a common selector like '.tooltip' is ideal... *.. * Options:.. * - location: Where the tooltip should spawn in relation to it's parent.. * - offsetN: How many pixels to add.. * - trackMouse: Should we track the mouse cursor instead of the parent?.. * - suppressOnClick: Should we hide if a user clicks the target?.. * - suppressWhileToggled: Should we ignore events if the target has the 'toggled' class?.. * - tooltipClass: css class to apply to tooltip elements.. * - fadeSpeed:.Time (in milliseconds) to spend fading in/out. Set to 0 to disable... * - allowHover: Should we keep the tooltip open if we mouse directly on to the tooltip? (Your tooltip will need to spawn in
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (54419)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):54558
                                                                                                                                                                                                                                                                          Entropy (8bit):5.466153556058915
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:R0wyRTbvXTTrj7TkS8tQMTLCAn1dXp02zLmYwPRFolzNXaVgPa5h9:R0wyRTbvXTTrj7TR8KMTeAn1dXpLLKRD
                                                                                                                                                                                                                                                                          MD5:CD21A3BF773B59047B159F3D6C8F089D
                                                                                                                                                                                                                                                                          SHA1:0F4D614FE8655EFD8199C6A2985CA6FB172A7A0C
                                                                                                                                                                                                                                                                          SHA-256:277EB5CB851FEF2CC98BFC95A50416CB3CF7CF0D7C15FD318DE2CC08FEE0AC76
                                                                                                                                                                                                                                                                          SHA-512:87A0A103D0EB955CD8C7A47553FE2F12BE8331CC575DB7E7DFBF931957FEFA6417EAB8BD9F1D849A21D0F31CDD23DB57EACAC9973F1BA25C41D73919DB21BE97
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/loader.AppModules.7b2e68ca.js
                                                                                                                                                                                                                                                                          Preview:(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["loader.AppModules","bundle.TrustedFriendsManagement"],{663143:(e,t,s)=>{"use strict";s.d(t,{BH:()=>N,Qj:()=>U,Wc:()=>F,sI:()=>H});var i=s(202784),o=s(882392),n=s(973186),r=s(645184),a=s.n(r),c=s(763014),l=s(90649),p=s(407307),u=s(81921),d=s(833330),h=s(440271),m=s(880166),f=s(62295),b=s(721783);const g=a().a17a75da,_=a().e7342ed4,y=a().b6a43e78,v=a().b469e406,w=a().b8505290,S=({userFullName:e})=>e?i.createElement(a().I18NFormatMessage,{$i18n:"e1a49407"},i.createElement(o.ZP,null,e)):void 0,k=a().ae8b0564,E=({userFullName:e})=>e?i.createElement(a().I18NFormatMessage,{$i18n:"be54ed41"},i.createElement(o.ZP,null,e)):void 0,T=a().f2adab0e,P=({userFullName:e})=>e?i.createElement(a().I18NFormatMessage,{$i18n:"jb19eb17"},i.createElement(o.ZP,null,e)):void 0,A=({userFullName:e})=>e?i.createElement(a().I18NFormatMessage,{$i18n:"bbfee611"},i.createElement(o.ZP,null,e)):void 0,C=a().b7821a74,x=({userFu
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65405)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):7798784
                                                                                                                                                                                                                                                                          Entropy (8bit):5.621792617193574
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/desktop_polymer.vflset/desktop_polymer.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):253
                                                                                                                                                                                                                                                                          Entropy (8bit):5.300969123782848
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3/yx/r/ZbF-cixpknt.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):90061
                                                                                                                                                                                                                                                                          Entropy (8bit):5.325309629846865
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~f036ce556.js?contenthash=daac4f5fd23837d22074
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17053), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):17053
                                                                                                                                                                                                                                                                          Entropy (8bit):5.571287260778202
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/js/bg/W6ySMI_EbF4NJqhzNc9p1_hu4s5xL3ZDxE1cNPsDaUQ.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4897)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5056
                                                                                                                                                                                                                                                                          Entropy (8bit):5.340675560570293
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AppModules~bundle.LoggedOutHome.d01aaaaa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1430
                                                                                                                                                                                                                                                                          Entropy (8bit):6.915444207165524
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/images/ico/ico_twitter.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):33738
                                                                                                                                                                                                                                                                          Entropy (8bit):5.263546738678096
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:1rv31+3R8zIF/3doix2R1pW81qWZRhcJGMJhpJfS2:FpP1vZRxGzS2
                                                                                                                                                                                                                                                                          MD5:0ABAE40EE6CFA8B72ABFB79829D53400
                                                                                                                                                                                                                                                                          SHA1:E87D3AA5EBFEAC3D486FB3D9913A81BE19AF3762
                                                                                                                                                                                                                                                                          SHA-256:C54F7E964FABEFC31C2DF4864777DB262E62C3236A293FBD075DEAF1D538C2ED
                                                                                                                                                                                                                                                                          SHA-512:A347D51254A5BA555F5CFCFFAAEB40F687C549B8E2C76EAF98F4E4522A8F5AE5A358F10119608C2657E30176D4675FD11C2670DD3F923BD788F8D30CA45A5575
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/css/buttons.css?v=CrrkDubPqLcq&l=english
                                                                                                                                                                                                                                                                          Preview:.btn_green_white_innerfade {...border-radius: 2px;...border: none;...padding: 1px;...display: inline-block;...cursor: pointer;...text-decoration: none !important;...color: #D2E885 !important;........background: #a4d007;.....background: -webkit-linear-gradient( top, #a4d007 5%, #536904 95%);..background: linear-gradient( to bottom, #a4d007 5%, #536904 95%);..}......btn_green_white_innerfade > span {....border-radius: 2px;....display: block;...........background: #799905;.....background: -webkit-linear-gradient( top, #799905 5%, #536904 95%);..background: linear-gradient( to bottom, #799905 5%, #536904 95%);....}.....btn_green_white_innerfade:not(.btn_disabled):not(:disabled):not(.btn_active):not(.active):hover {...text-decoration: none !important;...color: #fff !important;........background: #b6d908;.....background: -webkit-linear-gradient( top, #b6d908 5%, #80a006 95%);..background: linear-gradient( to bottom, #b6d908 5%, #80a006 95%);..}......btn_green_white_innerfade:not(.btn_disable
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (59708)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):672510
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3302376849262485
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:72vbKMTXknP0zB4Y/PHKiMAs4jFNuiUm3Fq6yni+Qn6lVkC2xn5qLSCZkRI6qVwy:722MzU8fKzAs4J8A8ZEk9
                                                                                                                                                                                                                                                                          MD5:BCE05C1572D72A6A2B3BCEB4A41F9410
                                                                                                                                                                                                                                                                          SHA1:32B9E0B58BE70FB53F800AB5F77B60C433F5E1E2
                                                                                                                                                                                                                                                                          SHA-256:326CFAFE9A79877ADBEFE9B37CDD7054CACF6F339DC1F5B8E9F6259EE86B240C
                                                                                                                                                                                                                                                                          SHA-512:3B5C628398AB51B2671C903A94DB1C24890113C35ADA33565100BF88C5CE4A39E942698329B45947611F6E857EE27C3F5918B55F2CCBBB5808B5CD558EDD0C73
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://static.cdninstagram.com/rsrc.php/v3/ys/l/0,cross/jUB1nDur7Ne.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                                                                                          Preview:form{margin:0;padding:0}label{color:#606770;cursor:default;font-weight:600;vertical-align:middle}label input{font-weight:normal}textarea,.inputtext,.inputpassword{-webkit-appearance:none;border:1px solid #ccd0d5;border-radius:0;margin:0;padding:3px}textarea{max-width:100%}select{border:1px solid #ccd0d5;padding:2px}input,select,textarea{background-color:#fff;color:#1c1e21}.inputtext,.inputpassword{padding-bottom:4px}.inputtext:invalid,.inputpassword:invalid{box-shadow:none}.inputradio{margin:0 5px 0 0;padding:0;vertical-align:middle}.inputcheckbox{border:0;vertical-align:middle}.inputbutton,.inputsubmit{background-color:#4267b2;border-color:#DADDE1 #0e1f5b #0e1f5b #d9dfea;border-style:solid;border-width:1px;color:#fff;padding:2px 15px 3px 15px;text-align:center}.inputaux{background:#ebedf0;border-color:#EBEDF0 #666 #666 #e7e7e7;color:#000}.inputsearch{background:#FFFFFF url(/rsrc.php/v3/yL/r/unHwF9CkMyM.png) no-repeat left 4px;padding-left:17px}.html{touch-action:manipulation}body{back
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):235
                                                                                                                                                                                                                                                                          Entropy (8bit):4.958131139883103
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:KdROL1FQuXX6C8Vo+nViARCtUdROLAeEM:Krg1W1C8VRnEARXrgAeEM
                                                                                                                                                                                                                                                                          MD5:740FBAFD7618E09184062BA17C30591A
                                                                                                                                                                                                                                                                          SHA1:EB20E6E5DDDCF24CB66757B7C98F0EC26570BDA7
                                                                                                                                                                                                                                                                          SHA-256:F6FAF355445F30ACE49BDDEE3BC3706E1988F58561B2A6E3356A4299BEF5BC95
                                                                                                                                                                                                                                                                          SHA-512:BC44113D0A0A5A9D812616C481AAC304DEE639025CA1A41F8ED289C859EEB5D113CFB1054E8316C07161FC1BF31B69A3469E23B120D35955D7DECB2007EDF25A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/css/applications/community/login.css?contenthash=120ef11d3786830c5571
                                                                                                                                                                                                                                                                          Preview:............login_LoginContainer_2vAS_{padding-top:80px;padding-bottom:150px;display:flex;flex-direction:column;align-items:center}@media screen and (max-width: 700px){.login_LoginContainer_2vAS_{padding-top:12px;padding-bottom:0px}}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):24657
                                                                                                                                                                                                                                                                          Entropy (8bit):5.319718503552118
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:aUXvnJo2dacv5Wc4gOV+n0Xmz85JX1c/jc0NL+lMF2KDnXhOMucpqWqGil/wSwf3:aU/nq2dd4gmLWqGil/wS20m
                                                                                                                                                                                                                                                                          MD5:A52BC800AB6E9DF5A05A5153EEA29FFB
                                                                                                                                                                                                                                                                          SHA1:8661643FCBC7498DD7317D100EC62D1C1C6886FF
                                                                                                                                                                                                                                                                          SHA-256:57CFAF9B92C98541F769090CD0229A30013CEA7CFAFC18519CA654BFAE29E14E
                                                                                                                                                                                                                                                                          SHA-512:1BCACD0EC7C3D633D6296FFF3325802D6352805F0D2CF1EEA39237424229ECFFAD6CB2AEE4248E28B1ECA02FF0646B58240851A246BBCF0AA1083830D5D9081E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english
                                                                                                                                                                                                                                                                          Preview:"use strict";....// build our menu on init..jQuery( function($) {...var mqQueryMenuMode = window.matchMedia ? window.matchMedia("(max-width: 910px)") : {matches: false};...var mqMobileMode = window.matchMedia ? window.matchMedia("(max-width: 500px)") : {matches: false};.....var $HTML = $J('html');...window.UseTouchFriendlyMode = function() {....return $HTML.hasClass( 'responsive' ) && ( mqQueryMenuMode.matches || $HTML.hasClass('touch') );...};...window.UseSmallScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && mqQueryMenuMode.matches;...};...window.UseMobileScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && mqMobileMode.matches;...};...window.UseTabletScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && $HTML.hasClass( 'tablet' );...};...window.UseNewMobileAppMode = function() {....// the new mobile app can run on screen widths wider than responsive_css_maxwidth....return $HTML.hasClass( 'responsive' ) && $HTML.hasClass( 'rn_mobil
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3070)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3430
                                                                                                                                                                                                                                                                          Entropy (8bit):5.228848301294857
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:QkPhnIR6BefJtJUXsbaFOydoCLjFghgoDUZFzb:9nIwMRtCXsb+OydPWhgoDUb
                                                                                                                                                                                                                                                                          MD5:8790140660A234B25F9418FE98D1B209
                                                                                                                                                                                                                                                                          SHA1:F08EBFA04B6301507963A5340BE6ADB2C730F6B4
                                                                                                                                                                                                                                                                          SHA-256:14F99E7D93BEBD32147F272322E6AB8BADEA24B39DADA3927B6FC820DB7CD352
                                                                                                                                                                                                                                                                          SHA-512:ECAFF9FD9B5CB522D8E22E7B1D101158B32C481897AD63C15CD0975F9D7B73B59D5F402686D154F17C9699847D466476ACFDF3DE344BF6125994DF9824E5EE9B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/45.039779e9.chunk.js
                                                                                                                                                                                                                                                                          Preview:.!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="791f96e1-87a7-5bdd-a615-bf0237ca9752")}catch(e){}}();.(this["webpackJsonpaccountportal-node-website"]=this["webpackJsonpaccountportal-node-website"]||[]).push([[45],{1730:function(e,t,n){"use strict";n.r(t);var r=n(12),c=n(0),i=n.n(c),o=n(317);var u=n(155),a=n(212),f=0;function s(){var e=f;return f++,e}var l=function(e){var t=e.children,n=e.initial,r=e.isPresent,i=e.onExitComplete,o=e.custom,f=e.presenceAffectsLayout,l=Object(a.a)(b),d=Object(a.a)(s),m=Object(c.useMemo)((function(){return{id:d,initial:n,isPresent:r,custom:o,onExitComplete:function(e){l.set(e,!0);var t=!0;l.forEach((function(e){e||(t=!1)})),t&&(null===i||void 0===i||i())},register:function(e){return l.set(e,!1),function(){return l.delete(e)}}}}),f?void 0:[r]);return Object(c.useMemo)((function(){l.forEach((functio
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3777
                                                                                                                                                                                                                                                                          Entropy (8bit):7.855078020337897
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:W5Zsk8bb6l5qnCoghGfkm37QP00rqGDXrg/sG3vUx+Iocg2fkjGfkjky:W5H8o5qe0Mu7600WiXE/v3ve+Is2MjGm
                                                                                                                                                                                                                                                                          MD5:EABC76EB57FEAE44ADD7FAEAD028521E
                                                                                                                                                                                                                                                                          SHA1:4E3E53938FAD15661D2D046A868338841A95DB19
                                                                                                                                                                                                                                                                          SHA-256:FC9E6260A2706AE146282D77E67BC1B74688435F8912AB4C1932641EEC28BFFA
                                                                                                                                                                                                                                                                          SHA-512:5C6DA6EEEFDDF321C2BC7E39A134E0A3140A9F93AD1560B2E102EF60EC218C29AAE14ED344C79E25CC5493CD15551040D8C909DE28DCAB02034D787563104E07
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (667), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):832
                                                                                                                                                                                                                                                                          Entropy (8bit):5.491865557414702
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:+Tuj0z//T19x54fRZpRah/iOsViPRr6OxUR+6pP:+Tuj0//T1LKLah/yVqeP
                                                                                                                                                                                                                                                                          MD5:3DE5C49AE9B3B874A652E2EF908DE955
                                                                                                                                                                                                                                                                          SHA1:2E313A7D9BBCE79640FE78E833207B9A8771AAFE
                                                                                                                                                                                                                                                                          SHA-256:5DCA79FE7CE1DCB0A9245BCF3FD25FC98B48AB4E1B92F43D9AB048FC29B55ED1
                                                                                                                                                                                                                                                                          SHA-512:FE1E322E43C7E751A4095A7585F92B763B40D302BD125BC8C65F9FFA4CF15F92C8202036B72F761012A31CE7D3190518CE39ADBCA889E052B0B05878DC3D2E93
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/login.js?contenthash=bd2c49ee53d7ca21805d
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (32588)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):71201
                                                                                                                                                                                                                                                                          Entropy (8bit):5.772169765184667
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:SBZJygeadsCni+N6woTnHAPIZe/SGiQhCbNjrZBym0pzRR6mY75WAEUui8G8b5sr:GJyolcw5hvigCxm5G8bS/rf
                                                                                                                                                                                                                                                                          MD5:695F9B7ED7EE0C8AEF329C148CBD6BAD
                                                                                                                                                                                                                                                                          SHA1:C6F7547D1CB3036266F13DBCB3BCEF855E235D09
                                                                                                                                                                                                                                                                          SHA-256:D6FA06E2419FB00E179794C2CC6770FDD6E31A7C5FD90C63CA2A6CDFBEE761F2
                                                                                                                                                                                                                                                                          SHA-512:95C8E1AEF2C958769048B155299FEC96677D8677F1579C96A7AFF571884CB50F22FFDFFE0889A31665B05E9929A48FB5AAF6C65801D1096A525DC943A10E432D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/6bjw9N12j0I.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):333171
                                                                                                                                                                                                                                                                          Entropy (8bit):5.407876478759417
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:IJh2Tqag34oMzauR7bfLdzP+G6d9HupoY1ec:ch2TqGjdadW
                                                                                                                                                                                                                                                                          MD5:705FD46CECBFC34CF47D7787A187C9C2
                                                                                                                                                                                                                                                                          SHA1:C5D2B8C849F24C86914B699C3910491D6F442E47
                                                                                                                                                                                                                                                                          SHA-256:BFDDFAA2AB1194B21F6935CBEB6B5F004127AD05D1BB513FDCBE49EA0C04EFE6
                                                                                                                                                                                                                                                                          SHA-512:9C2EEA9955EE69E967930C208630AD655931BE59D4795A8578CD31F433D55490C07D4A2720F784B744ACEF7B23FF1A41028BD0E88ABD6DEC2D6B73B45CFE1071
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~loader.DMDrawer~bundle.ReaderMode~bundle.AudioSpacePeek~bundle.AudioSpaceAnalytics~bu.c04fd1ca.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                          Entropy (8bit):3.75
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H0hCkY:UUkY
                                                                                                                                                                                                                                                                          MD5:AFB69DF47958EB78B4E941270772BD6A
                                                                                                                                                                                                                                                                          SHA1:D9FE9A625E906FF25C1F165E7872B1D9C731E78E
                                                                                                                                                                                                                                                                          SHA-256:874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
                                                                                                                                                                                                                                                                          SHA-512:FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAl_Jiy42EDGqRIFDVNaR8U=?alt=proto
                                                                                                                                                                                                                                                                          Preview:CgkKBw1TWkfFGgA=
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65507)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):70794
                                                                                                                                                                                                                                                                          Entropy (8bit):5.337881754056821
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:CM/NlQ+vmwdRdO9Ng5tKUyUIvVCf+u8TinAjiL6qxzNfWyQXj:CShtHmUpfWyo
                                                                                                                                                                                                                                                                          MD5:D8174377DA737B8FABBF946F982C57D2
                                                                                                                                                                                                                                                                          SHA1:337A38513ACFB009CB3D15560D337220A7DE4920
                                                                                                                                                                                                                                                                          SHA-256:6AE30CB1AB74D66217A576B78124E053906F0A93CBF2D9F0AD398518F8442264
                                                                                                                                                                                                                                                                          SHA-512:1C1EE8AFC512CD01CF8CA827C6C200D3DFCA924E87CB198F564BD9FEF28192754153828948E0678927DA1F4D353D3D65EE4777E3EBA103D613BFFC2E65320BBF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/js/pa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2301
                                                                                                                                                                                                                                                                          Entropy (8bit):4.8189346742339
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:YyNLxLULtPLwOIN36SwLEe2SwL1YSwLvNSwLJeuSwLVJe7SwL7SwLtLYLkLliLGf:hyEDN3/eM6m//VzHNcZq7d
                                                                                                                                                                                                                                                                          MD5:468BCAFF001D77BE0BFF0FD0A60EB00C
                                                                                                                                                                                                                                                                          SHA1:8172E13793A238DBA50C01789934ED9AC8BDD8B8
                                                                                                                                                                                                                                                                          SHA-256:1FFECD8168BB6CE3FC655223764AD4B432D5050DD665CADB36093F5C7D91937F
                                                                                                                                                                                                                                                                          SHA-512:1F3DE85E87132144D99F643737FCA74BDF0227C67EEF8B02BE0C0C14DB1E8DC873059465C4C18940A24ACFCF9AD192D551F704963B1A755954F75A8B110A540A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.epicgames.com/id/api/i18n?ns=epic-consent-dialog
                                                                                                                                                                                                                                                                          Preview:{"cancel":"Cancel","allow":"Allow","deny":"Deny","authorize.epicid.title":"Use {{clientName}} With Your Epic Games Account","authorize.epicid.platform.title":"Use Your {{clientName}} Account With Your Epic Games Account","authorize.epicid.scopes":"With your permission Epic Games will:","authorize.epicid.scopes.profile.7":"Share your {{0}}, {{1}}, {{2}}, {{3}}, {{4}}, {{5}}, and {{6}} with this application.","authorize.epicid.scopes.profile.6":"Share your {{0}}, {{1}}, {{2}}, {{3}}, {{4}}, and {{5}} with this application.","authorize.epicid.scopes.profile.5":"Share your {{0}}, {{1}}, {{2}}, {{3}}, and {{4}} with this application.","authorize.epicid.scopes.profile.4":"Share your {{0}}, {{1}}, {{2}}, and {{3}} with this application.","authorize.epicid.scopes.profile.3":"Share your {{0}}, {{1}} and {{2}} with this application.","authorize.epicid.scopes.profile.2":"Share your {{0}} and {{1}} with this application.","authorize.epicid.scopes.profile.1":"Share your {{0}} with this application.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):90053
                                                                                                                                                                                                                                                                          Entropy (8bit):5.325215675486818
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:0BJtuawr048dCHASHY9ZmruYYmF0qwSds2lyUYt7LvXB60I7cxe3tHJq6J3FyPfK:b
                                                                                                                                                                                                                                                                          MD5:F1C5E54E5DCA7D541030DFCD530CC873
                                                                                                                                                                                                                                                                          SHA1:314175846D1748091D83026038BCF20B2BFA73A7
                                                                                                                                                                                                                                                                          SHA-256:E81DB964EFB4F5AEA3FC8D868EE07A6AC6AA4CC7CF07FB83E02F9196D675AF11
                                                                                                                                                                                                                                                                          SHA-512:0CBAAB1416EEDB7DDF7A70228E77587C246D3090364F9C179539255168436ABC4D8187FBFA20A1AE2E1B2E8E91859255F475A3D3E4991501502958A595970FC7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/libraries~9216830f7.js?contenthash=93714f0e965b57dbab2d
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):249446
                                                                                                                                                                                                                                                                          Entropy (8bit):5.470579685220208
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:IVyBYOfI26udxTWTcTEDM2j16TcTEDM2ilGb+UPhHo6CmEMDWwyF:oyBzZ3dNo6CFMqwyF
                                                                                                                                                                                                                                                                          MD5:3A9B92C1093DEB1F83F57CE9387856F3
                                                                                                                                                                                                                                                                          SHA1:375489BE5E642B11E62149F791C3DF5C66B6CFBA
                                                                                                                                                                                                                                                                          SHA-256:F5D13C67089BF5CDBB1B349183598BA8DF4DD95A9CF3187E9FD4172F5F5C36FE
                                                                                                                                                                                                                                                                          SHA-512:6588C81876AB2B528C71AC29CB950D5894DCD71C546A65EDFE8AA0977B2588DC6A8DF2B8A55470C44427A7E61869C6DF67A79B37A59A3A0847F8689D276AD051
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/3gwr64x0h4e06b6c0wej9hqsz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1997
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0050192129706
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:syq5exVy+GtySao6qP9PGp161pyRDhKOJUoV0gQ84fTbln:7q5eO+GsSao6UGp8rSVKcUo2gp47bl
                                                                                                                                                                                                                                                                          MD5:1B66EA06B0CCC5574AA1593988231A8C
                                                                                                                                                                                                                                                                          SHA1:FBF4CC6664D86A91D3176E6B2A3DA684FC6E6EDA
                                                                                                                                                                                                                                                                          SHA-256:7173550FD32A664B4075E4C34D8BBCFC3725AFB987CF3DBD7FBA10AFA479A6B5
                                                                                                                                                                                                                                                                          SHA-512:9BF4C1894C7CFCC65690CC70D5A191C1CF073B39D70C3597790143AFCC0CEECDAB71928FFE49FDFF202312A161F38D2779ACF8B5D6D15B6614326D53A47EA068
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/config.js
                                                                                                                                                                                                                                                                          Preview:/* global requirejs:true */.requirejs.config({..deps: ['app'],..paths: {..."jquery":.....'lib/jquery-1.12.4',..."jqueryUI":.....'lib/jquery.ui.mini',..."json":......(typeof JSON === 'undefined') ? 'lib/json2' : 'empty:',..."underscore":....'lib/underscore-1.13.4',..."backbone":.....'lib/backbone-1.5.0.min',..."backboneSubroute":...'lib/backbone-subroute-0.4.5.min',..."dust":......'lib/dust-core',..."nougat":.....'core/nougat',..."BaseView":.....'core/baseView',..."dust-helpers" :...'lib/dust-helpers',..."dust-helpers-supplement":.'lib/dust-helpers-supplement',..."dustmotes-iterate":..'lib/dustmotes-iterate',..."fso-helper":....'lib/fso-helper',..."fso":......'lib/fso',..."browserId":....'lib/bid',...."pageView":.....'view/pageView',..."login":.....'view/login',...'notifications':...'view/notifications',....//Core Components..."lap":......'components/textInput/lap',..."textField":....'components/textInput/textField',...'selectDropdown':...'components/selectDropdown',....//Widgets..."val
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1586
                                                                                                                                                                                                                                                                          Entropy (8bit):4.971538502379734
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Yj0jutsEgaFs9v8eY2x2UfwhUdt0A66ucXaKUoXab/:Y9ts3aFs90pUbtd79aKpab/
                                                                                                                                                                                                                                                                          MD5:052B9F6B80876F7C32894105E377BA3B
                                                                                                                                                                                                                                                                          SHA1:2018FC66AB3C28A18167B11C547406CF1BBAF89A
                                                                                                                                                                                                                                                                          SHA-256:A7B005C03E9F79AB0D36080925C50F6C101BBBF9853DD849E9A0030A810C89A1
                                                                                                                                                                                                                                                                          SHA-512:2DC6CA28250F1E5A0EF91D677A6732BD64D5D09C930B78AF226823621C0F1A6BDBDE23583C75F69D5101E918D7FAF40ADD7C236B0AA733D3B02F95528D1B3374
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/manifest.webmanifest
                                                                                                                                                                                                                                                                          Preview:{"name":"YouTube","short_name":"YouTube","background_color":"#FFFFFF","display":"minimal-ui","start_url":"/?feature\u003dytca","scope":"/","icons":[{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_144x144.png","sizes":"144x144","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/branding/favicon/favicon_192x192.png","sizes":"192x192","type":"image/png"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_16x16.png","sizes":"16x16","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_32x32.png","sizes":"32x32","type":"image/png","purpose":"monochrome"},{"src":"https://fonts.gstatic.com/s/i/googlematerialicons/video_youtube/v11/white-48dp/1x/gm_video_youtube_white_48dp.png","sizes":"48x48","type":"image/png","purpose":"monochrome"},{"src":"https://www.gstatic.com/youtube/img/web/monochrome/logo_512x512.png","sizes":"512x512","type":"image/png","purpose":"monochrome"}],"theme_color":"#FF0000"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:assembler source, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):18015
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2366056948366335
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:gecNNVc4rNORUyWKbntY8XiYXUS2qk2VfVQEOHY46ZMI7Z0wTmEqNXMQJO2:gVfVc4eUyJbnSpYXUS2qk2VfmEOX6ZMN
                                                                                                                                                                                                                                                                          MD5:AB66F66412355F6623D31B87B391E4A3
                                                                                                                                                                                                                                                                          SHA1:071DAED245DBA7D1EE2DFE990FF3D36876FFF43B
                                                                                                                                                                                                                                                                          SHA-256:FEE753FB2578225FC36D43FCD266A52371E723AB45321DE9CE473C89847F2DF3
                                                                                                                                                                                                                                                                          SHA-512:A8FD690CD1EBAE529FE8022B882E2817FC6FCD70A0F24D61AFA5EFBEAAD9ABE68CAD1432293550790771A6206F43CC9C17044F273CFFF857881C64D1D72B2C4B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/css/login.css?v=q2b2ZBI1X2Yj&l=english
                                                                                                                                                                                                                                                                          Preview:...login_modal {...max-width: 502px;...font-family: Arial, Helvetica, sans-serif;...font-size: 12px;..}.....auth_modal_h1 {...color: #67c1f5;...font-size: 24px;...font-weight: normal;..}.....auth_button_h3 {.....font-family: "Motiva Sans", Sans-serif;....font-weight: normal; /* normal */.......font-size: 22px;...font-weight: normal;...color: #ffffff;..}.....auth_button_h5 {...font-size: 13px;...color: #66C0F4;...font-weight: bold;..}.....auth_message_area, .twofactorauth_message_area {...position: relative;...padding-left: 70px;...min-height: 92px;..}.....auth_icon {...position: absolute;...top: 6px;...left: 0px;...width: 67px;...height: 48px;.....background-image: url('https://community.akamai.steamstatic.com/public/shared/images/login/emailauth_icons2.png');...background-repeat: no-repeat;..}.....auth_icon.auth_icon_trash {...background-position: center 0px;..}.....auth_icon.auth_icon_key {...background-position: center -48px;..}.....auth_icon.auth_icon_lock {...background-position:
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):75995
                                                                                                                                                                                                                                                                          Entropy (8bit):5.330233242624909
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:r1X8E9coqS/zCct2GhRPXE2IbD71SgUeW7vIUncTUDgNpD5qTqGUMIzA:N8+/zCct2GDPXE2IbD71SgUeW7vIUncs
                                                                                                                                                                                                                                                                          MD5:77476E9F4544D16E10921CB9D56067F3
                                                                                                                                                                                                                                                                          SHA1:22677D2DF42EEC873802245EC72BBD8B6896F324
                                                                                                                                                                                                                                                                          SHA-256:FB9B509D020C4C45AD497DE7C4F7D1B22B4E7DC62339927FBF7E32E227932CB7
                                                                                                                                                                                                                                                                          SHA-512:86778E76F67A995D3FD9E4A5A6EDE940F5929A50390D578BD12ABBEEEA8FD94C09C8566C831DD92BB6D13A18ED24CE014416693432DD132207F0972B052C3408
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/727ucpfhmn0jolb3t2h3o5dkj
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (574)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3448
                                                                                                                                                                                                                                                                          Entropy (8bit):5.474195960044918
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:orJwQJvYqL8Shqn2Xt3y9XImqL6VexAJWoFw:SwQJQumIFoqx5
                                                                                                                                                                                                                                                                          MD5:D060B5371249E859D5F80FFF961E1F50
                                                                                                                                                                                                                                                                          SHA1:6A33183CF9369184DFA814E1D7122A3943716238
                                                                                                                                                                                                                                                                          SHA-256:F68A40AEE0FAC282C6599CCAC9C0375F9CAAE4CA0AD16F87C662C64597689367
                                                                                                                                                                                                                                                                          SHA-512:3B8A93C6A848C255F35B81FDDFD8791E2CF32C4C892B67EEE231914D79131FB254C424922707A1266910CBDD9493EA20B57EF3C8B7CEF3C32C925E8783E86538
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):136131
                                                                                                                                                                                                                                                                          Entropy (8bit):5.310312873824174
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:LZuIBobvWngB3xfemTMFPKEEwt/1TJO0MMx4TEZ5jpYwr0svwWVjg9WQ:LNNFPKEE6AfMlZ5jWs0svwWVjg9b
                                                                                                                                                                                                                                                                          MD5:EE9855C647756A4B8377A5F755A468A2
                                                                                                                                                                                                                                                                          SHA1:59352C76AA273D9C49C7D48541BC45F82BD6CC87
                                                                                                                                                                                                                                                                          SHA-256:FF548512B3096AE8062B4ECB74691941B0689AE162F94EE086EB0ED9727E1F55
                                                                                                                                                                                                                                                                          SHA-512:ACA0C683979CE67311997CA2D40D6AF9FC44E75C7A263698DD75C4B30405CA9F000775BEA9964B099A3A0C9856ECC56E859AF9CD793F9CB5E31EA4F6D88D2C6B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/v6/store.css?v=LIrdlCdqQubH&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2530)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):40933
                                                                                                                                                                                                                                                                          Entropy (8bit):5.395941911107518
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:u+oRjI1CyyLnDqlcG0qAS2iq7sqXkMQu47j3/RWB:u+CyyLAAHLdjQu47YB
                                                                                                                                                                                                                                                                          MD5:F46C2D926D8F3366A9F85E6995D53A92
                                                                                                                                                                                                                                                                          SHA1:4B019B5F749359E6253D742F388A63144B4A7A5F
                                                                                                                                                                                                                                                                          SHA-256:85DBE993FC00B8066BD14BC72A4C65EDE501739FECBAE38A38E3E5871A8C1B42
                                                                                                                                                                                                                                                                          SHA-512:4EAECDD438EC9DB8FB4E8DAA935EC83F8438884585647E519BC0FCCDA0329DBDBCBA0CB3E4EB7AD44C58F29A20D07DE451368430166C5B65F66581D6024DF3D6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/spf.vflset/spf.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):114724
                                                                                                                                                                                                                                                                          Entropy (8bit):5.551213200680841
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:wbxHQPJKnX30dnatNADF+Lz+T3J+E1KLd2rDr1I:wdQP0X30dnatNADF+Lz+T3J+eKU3r1I
                                                                                                                                                                                                                                                                          MD5:5A4453E9E3E19DE3FBABC55106F72397
                                                                                                                                                                                                                                                                          SHA1:7DCACF570ADA05AD90A3C19A59ED5443121DA6E6
                                                                                                                                                                                                                                                                          SHA-256:2E0DB94DBC625420B47C18DBE0CCD34D4A9AA08D15023E51F938AEDC753B0E2B
                                                                                                                                                                                                                                                                          SHA-512:ABCC8E5C5D4B5988F0AC5B47AAD04A137E26A315F6E5CE577A2227B350ABDB62AAC14A447F0DBD6EFB6DF43C9573DCDCAF1DD862AABA6667F612B3448E305B9B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCUo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEotM5KnP6eq1I-j0IjUz5JAQCU0Q/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17932)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):28985
                                                                                                                                                                                                                                                                          Entropy (8bit):5.374011404169404
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:huk+I6EeyKEIWEeyCgq2YNwwESzQnZKETYN2COZYcUBQA4LxWm3CKgB+2RNPGRmW:0rJ4hNzrXNAtU9ArbM+ANORmUDl
                                                                                                                                                                                                                                                                          MD5:7A115F68D2C04AC16BBEA24BBE76CB65
                                                                                                                                                                                                                                                                          SHA1:F8A3777970D4E63256D9FC7B1B85F899BD95C73E
                                                                                                                                                                                                                                                                          SHA-256:AB65842F41DDADCBF1A60B717F59F7DFBBF6896F49C8F619CFD90086E8BD8E3A
                                                                                                                                                                                                                                                                          SHA-512:E8E504353006E3DFA60C3A7D64933E8627479CC49F6417F118E266A76D5CB6CCF680012F70C40F348780D9A176F96196CB89DB834F988733D32EADE6DF08FCBA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/qvzskUrYlYC.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):11395
                                                                                                                                                                                                                                                                          Entropy (8bit):5.263154477395774
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:Zh6vqbjETmhTKN8xveEK6lIgpROZ793t37NAmr3LETECO+2Mlx1DWX73Mf+uEm4m:Zhcf33TCO+2gByhC
                                                                                                                                                                                                                                                                          MD5:C16C39B56D72EE779A4C29FB1BB60DD3
                                                                                                                                                                                                                                                                          SHA1:F0A8114D6E311F91357B3A9041DBCD96857B90EC
                                                                                                                                                                                                                                                                          SHA-256:5CD83EEE34169798040BBF6221263F6C5A5CBE5801C285813566EC1153DFCE09
                                                                                                                                                                                                                                                                          SHA-512:BB79CF68FA15EA0D4C883C4069AC22E121503F8031F8D17B9E6480D4CE8C701B81835789FA2E2D65841D2124EA88CD35CA982748B79FBB76C28C5A32BA21F8ED
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/v6/browse.css?v=wWw5tW1y7nea&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (21666), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):21831
                                                                                                                                                                                                                                                                          Entropy (8bit):5.355878437288478
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+iJkU4S/iqG/aPaRew1ilkR9bwUahxmliI8QCMBMNkrtKTw:BJdpZlSmOMhxqRfCmMC7
                                                                                                                                                                                                                                                                          MD5:083127D6E504A1B50A7042586BE02246
                                                                                                                                                                                                                                                                          SHA1:E082D15773159910FE4D276074446614D790B2C6
                                                                                                                                                                                                                                                                          SHA-256:0B06EDBEA521389EFB1BE0FB8D81E978C52C34C01386BA94D58F7B019EBBFDE4
                                                                                                                                                                                                                                                                          SHA-512:BBB9C41E20FE88B6132B3B8E177C834367AA977F082E391BFC704A10ED04FBD78A45DFECF4E9CD948A803ADE251A8A6D170F9E76481A81FC6273731C71D438D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/chunk~6326dca69.js?contenthash=4ded85f1a4afa27ecf75
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2420
                                                                                                                                                                                                                                                                          Entropy (8bit):4.972597027356834
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:gmlhVeoLah0uOD5hgujkaUhoV0nahQEWcTAjL3CW6lnOiLq7lhQETJN:xIrXOzgibVGlEWc7XlnDETJN
                                                                                                                                                                                                                                                                          MD5:E36C272EBDBD82E467534A2B3F156286
                                                                                                                                                                                                                                                                          SHA1:BFA08A7B695470FE306A3482D07A5D7C556C7E71
                                                                                                                                                                                                                                                                          SHA-256:9292DC752A5B7C7EC21F5A214E61620B387745843BB2A528179939F9E2423665
                                                                                                                                                                                                                                                                          SHA-512:173C0F75627B436C3B137286EA636DCAF5445770D89DA77F6F0B416E0E83759879D197A54E15A973D2EB5CAF90B94014DA049DE6CC57DBD63CAB3E2917FBA1BA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/widgets/analytics.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):912538
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3745056569410865
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:S4JN26Vv8rzhMHp06bl0xlx52RWirV+hI8Zz49ezdCZTaCbvjrgxf5g6NEjFVoXy:TCMH26bl0x6lp6NEjosyG
                                                                                                                                                                                                                                                                          MD5:6821DF8647CF69C005E9FDA4C2433162
                                                                                                                                                                                                                                                                          SHA1:8FD865D503C59D1A8113DBC5F42CAE4858650C82
                                                                                                                                                                                                                                                                          SHA-256:6ECD779516D42329F8ED1C14FCD903D33518FF796DC483BE21EA359EDD69D454
                                                                                                                                                                                                                                                                          SHA-512:53575B53E79279CD0B5EFC8E6D4EF2E0E0C82C8BF8CBF10DC39DB5A1F9A1E391984415C3258CF7CC981C01EAC8D3FAEEECAC80F65A51629071818456AA0B8B48
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=aCHfhkfPacAF&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (20213), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):20378
                                                                                                                                                                                                                                                                          Entropy (8bit):5.359953654487888
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+k9KUfHHa/ZJzpwZaE9RVZ43fAgUwP/Cx8Znzq68zskxIPN+hfpWHyvpFMOjnW:xHobzOZH9aZtCx8Zzq68gaIwIHyvpFMJ
                                                                                                                                                                                                                                                                          MD5:125764D0CED9A002F53B3A0EB55C138F
                                                                                                                                                                                                                                                                          SHA1:72F057933256C5174908568E0E5FC6F08E7B265B
                                                                                                                                                                                                                                                                          SHA-256:304DBFF934EE082AD542F722660852DF3C9E8C816535AE06C80EDBE0BF76E264
                                                                                                                                                                                                                                                                          SHA-512:35E523F51C87F5DFFF830C734516F9D3FB8545A8343723852A3418DEA80266921030235F8A55DC31E7BA4EB0B205BBAB6D26B69C50992F22E7827C84F7A6180B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/manifest.js?v=Eldk0M7ZoAL1&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2682
                                                                                                                                                                                                                                                                          Entropy (8bit):5.192180126341354
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:y3/p1p6iBbbjR3Zk5kSR3ZkywR3ZktStR3ZkFXR3ZkRCR3Zk50woR3Zke+oR3Zk9:ip1p6e9MB/o0wq+tAtw
                                                                                                                                                                                                                                                                          MD5:F831F4C536299D57B63C0D0EAD9C09F0
                                                                                                                                                                                                                                                                          SHA1:43F71D89A47BDD1869FF4D411F04357926D21BE8
                                                                                                                                                                                                                                                                          SHA-256:E2C41580FDA72865B4C75053F974EE6C0F4FF7034F1C97FBD6D55A88E7FC55FE
                                                                                                                                                                                                                                                                          SHA-512:74D94CD14047D57063827036BB13E14310CA86278DF5052FBE67B07217CC6490B3563727D686B4ADD2CEA46D6BC0D57D745D81BA1030D68269141FA02C6F2E3D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (12891), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):12891
                                                                                                                                                                                                                                                                          Entropy (8bit):5.129903749748971
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:QWf2m8D/D4/uHiKQZ24/ueb4/uH+ZmWuCHWunyWumF129emoaaFN7SCmyGuR8aRm:EZ1faaFNx9ub
                                                                                                                                                                                                                                                                          MD5:11A5F7355B7CF5BF23607D1C9C867DBD
                                                                                                                                                                                                                                                                          SHA1:5F61F57E61F10FF8B1097A4911F190AF8A0A9DC9
                                                                                                                                                                                                                                                                          SHA-256:3AFA03D3D72A4A45B12A9A62EFA42813D28C070941228BA09A2082E0032089A6
                                                                                                                                                                                                                                                                          SHA-512:FE2F75C8CC55CBB55362BD48B3F71F136614945A265BC877B7DFA698F1BEE2AD5AFA980BF50AB5C92519399E406964217E66EFFC4B3420160E6C849ACAA7EFB7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/cssbin/www-main-desktop-watch-page-skeleton.css
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):9819
                                                                                                                                                                                                                                                                          Entropy (8bit):4.18718488699821
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:BjBeEWEqTCqoLOtFrB9CyYMS1yVvdJ6Z/1UNATnxtBvAOs5Gh2Jr7c0lGjc9c03j:xBeEWLvFSkGIKvQZgctKLzV5Dk
                                                                                                                                                                                                                                                                          MD5:57FCD74DE28BE72DE4F3E809122CB4B1
                                                                                                                                                                                                                                                                          SHA1:E55E9029D883E8CE69CF5C0668FA772232D71996
                                                                                                                                                                                                                                                                          SHA-256:8B456FE0F592FD65807C4E1976EF202D010E432B94ABEB0DAFD517857193A056
                                                                                                                                                                                                                                                                          SHA-512:02C5D73AF09EABD863EEDBB8C080B4F0576593B70FCA7F62684E3019A981A92588E45DB6739B41B3495018370320F649E3A7D46AF35ACF927A1F21706867EF49
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/core/nougat.js
                                                                                                                                                                                                                                                                          Preview:/*. * nougat.js v0.0.1 - Application Mediator/Sandbox Library. * This module performs the function of mediator/sandbox.. *. * @author Erik Toth <ertoth@paypal.com>. */../*global define:false, requirejs:true */./*jslint plusplus:true, nomen:true */..define(['jquery', 'dust', 'dust-helpers-supplement'], function ($, dust) {. 'use strict';.. var ViewRenderer = null,. DustRenderer = null,. Nougat = null;.. /**. * Creates a new array with all elements that pass the test implemented by the provided function.. * The filter callback receives three arguments: the value of the element, the index of the element,. * and the Array object being traversed.. * @param {Array} arr the array to filter. * @param {Function} fn the function defining the filter test, returning true to keep and false to discard.. * @param {Object} [context] Object to use as this when executing callback.. */. function filter(arr, fn, context) {. if (Array.prototype.f
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (22133), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):22299
                                                                                                                                                                                                                                                                          Entropy (8bit):4.874583963415414
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+VicfSf4+JAslpN+MhZxEOIqisxp9RO6orsH1XQSmRyeyZ/84t1SSzNQvIkoVMxR:lp4+blpNN7VMxsgE3kSd5/VQ4oD
                                                                                                                                                                                                                                                                          MD5:7828A1ED84F6D2DD6A3A8EF5BDCBF960
                                                                                                                                                                                                                                                                          SHA1:36B36A5D25F6F54325E7886D1F3C5464B12C76A7
                                                                                                                                                                                                                                                                          SHA-256:290F87C53D842D219AEFA45C517B0B19F0645BC69F3D571F6E6C05B18C213167
                                                                                                                                                                                                                                                                          SHA-512:DE35362C1EFFA3BB369A866E2CE0D5A782F96D96D27DE9EF568F9268FE9DA67C93366D4225024C9EC0B0933C3E1FE7AF667876D7CFC3C6CE789A1CDD0F395700
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/marketing_english-json.js?contenthash=f3bfb4932330ad9c65e3
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/.."use strict";(self.webpackChunkstore=self.webpackChunkstore||[]).push([[4929],{5:e=>{e.exports=JSON.parse('{"language":"english","label_play_free_until_custom":"Play for free until %1$s.","promo_ends_custom":"Offer ends %1$s.","label_play_free_generic":"Play for Free!","label_free_weekend":"Free Weekend","label_free_week":"Free Week","label_just_updated":"Just Updated","label_for_a_limited_time_only":"FOR A LIMITED TIME ONLY","msg_prepurchase_and_play_beta_now":"Pre-Purchase and Play the Beta Now!","msg_play_beta_now":"PLAY THE BETA NOW!","msg_prepurchase_and_get_beta_access":"Pre-Purchase and get Beta Access","msg_steam_workshop_now_available":"Steam Workshop Now Available","msg_now_with_steam_workshop":"Now with Steam Workshop","msg_now_with_steamworks":"Now with Steamworks","msg_now_available_on_steamos":"Now Available o
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (7404), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):7404
                                                                                                                                                                                                                                                                          Entropy (8bit):5.788732370889795
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:hJCW5fd9tU1bbrtbqbhnJ7ivbQW5QsXBYQXoszmmXswpcUMmHLXzKaPUnNqTtYhE:iQfdv5QZABVoGmUNqDwiJXl6I3DpJ
                                                                                                                                                                                                                                                                          MD5:B93C160BB3871F08B44B62393EA429E3
                                                                                                                                                                                                                                                                          SHA1:31EE2A1491AA3AD178526496346B63FF5FA0240D
                                                                                                                                                                                                                                                                          SHA-256:D744D8991E38F254020D11B3E583D760D594390FE9C35DF4BC2CD00BFA4806DA
                                                                                                                                                                                                                                                                          SHA-512:63C62158A717DF125D8B92B7ECCDDA05DA0EB4CC6516B17F1B8C69138F586F1FB270A3BCC1E10FC2E818B0331FACCB4BE1002B2FCC21D1EB688D26EAE5AFA692
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.epicgames.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                                                                                                          Entropy (8bit):4.157806386887449
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ZjhnZNDrPKVXdl:ZjNjKVXdl
                                                                                                                                                                                                                                                                          MD5:0D9FE9D3AA33DA6C96F6BF9AF269F8B5
                                                                                                                                                                                                                                                                          SHA1:A089B5586CD5E479A0FD7D73591C7EC0C5A41235
                                                                                                                                                                                                                                                                          SHA-256:1C9E270C0A66096127A7F58A326D4728465B433D744B3066F3F28CD5E87C9576
                                                                                                                                                                                                                                                                          SHA-512:3A15B10B23D0259F2738B01517E734C41122D68EFA555BE2CC1E162028FB4C7E88617D783BA571D82554B9CE3DDAAAD046A4BEBAFA1A87D79CEBD5A7EDD17571
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnAFtBk7-_xrBIFDQqzETASBQ0o8SlJ?alt=proto
                                                                                                                                                                                                                                                                          Preview:CiIKEw0KsxEwGgQICRgBGgQIVhgCIAEKCw0o8SlJGgQISxgC
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):122684
                                                                                                                                                                                                                                                                          Entropy (8bit):6.0666961682037535
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:lpsQ7l3T64Z1lKcDqttEPBWVNwZ+e222pKKSxfj9:Yg3T64Z19DqtkWbu/222kZfh
                                                                                                                                                                                                                                                                          MD5:57613E143FF3DAE10F282E84A066DE28
                                                                                                                                                                                                                                                                          SHA1:88756CC8C6DB645B5F20AA17B14FEEFB4411C25F
                                                                                                                                                                                                                                                                          SHA-256:19B8DB163BCC51732457EFA40911B4A422F297FF3CD566467D87EAB93CEF0C14
                                                                                                                                                                                                                                                                          SHA-512:94F045E71B9276944609CA69FC4B8704E4447F9B0FC2B80789CC012235895C50EF9ECB781A3ED901A0C989BED26CAA37D4D4A9BAFFCCE2CB19606DBB16A17176
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1161
                                                                                                                                                                                                                                                                          Entropy (8bit):6.483902966293242
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:2C1hkyaWwjx82lY2T3RVNxhpyJ3Vlt8vmG8ll6f7iX:HZNn2lPzoJ3PtQmBY0
                                                                                                                                                                                                                                                                          MD5:E406E5A22E4F3CFA580D3BB57420150E
                                                                                                                                                                                                                                                                          SHA1:5B381E535BB0CE6003A461F3124FA1238DFBCEDB
                                                                                                                                                                                                                                                                          SHA-256:760589F903C5E9BD169B38F941F9A3DC88A23897E9CC5B622D3D91F5C204B9E4
                                                                                                                                                                                                                                                                          SHA-512:E33CB7BD10104A1E8C2D3F2B3885D65EF3769F7250445C8341D6D2AD2367749CCDC48DAABE4EA39CB80EE0362AF9D01E48370DB858BA01F956A1A6B8C04217C1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/images/ico/ico_facebook.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65254), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):183058
                                                                                                                                                                                                                                                                          Entropy (8bit):5.056115355516395
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:rAA36oGqNyrrdiEEUl3SoZsJcl1jv2vQErjitufgFwfzr6oQfV38rLObbAlU:WHdiUMm1sQErjMufgFwfzr6oQerLY
                                                                                                                                                                                                                                                                          MD5:1E19B0D8EB87E521C61C0B494AABAAAD
                                                                                                                                                                                                                                                                          SHA1:661822568099D693915A5D89B98A4B1D116DD3BE
                                                                                                                                                                                                                                                                          SHA-256:E052A06E798D03E37E17BB6B4DBB5910BA391A87D7A0BCDF9D882D47A9D35FBA
                                                                                                                                                                                                                                                                          SHA-512:EA7B9ED973D7636EB6F83A4542A2F086429C0B534A1BC0C259366765DD6D7C03F28A59C8376421635A8A0B9C0E07BA5C7B3BEC59EFD14AE75E76FE446C03658D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/localization/shared_english-json.js?contenthash=2fb55cd8013e9f27bfd8
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):279627
                                                                                                                                                                                                                                                                          Entropy (8bit):5.151957894348034
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:c2hPacZGzlBAgyxOmwn135UAcRCHgK0icNaQeUTUdDYubFryHgjKbntICUR:N83tMSC4
                                                                                                                                                                                                                                                                          MD5:67415238A0ED99286F8261E4A6CDFBE5
                                                                                                                                                                                                                                                                          SHA1:86EBB0BBD60D8D6BBDC80AA60BC809F17FA9F6D3
                                                                                                                                                                                                                                                                          SHA-256:7C3190461704D64CB2FB3BBE447902518DCC8A93536E10B7D3475B8ECB836152
                                                                                                                                                                                                                                                                          SHA-512:01B036685AFA19E0EE5299A6076C76384A18493345E8EF887CBE2B07B3C79B44F1AA3615918807C6BAA876263A5201D4A36195ACCFFA555F6B3F42503EBE6C7A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/642e1qh28prue1yv3o1kqf3z9
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (1105)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):7131
                                                                                                                                                                                                                                                                          Entropy (8bit):5.290022748048895
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:aenh+xzGcqNq/3txta6YwMfDBruxaWbinBYHhGdBL5FBe7V0F:aih+xii/3Pta61MAbWF
                                                                                                                                                                                                                                                                          MD5:B8A049CD5CA72D93CF27E699498A9841
                                                                                                                                                                                                                                                                          SHA1:230C15DA4B6C86D20CDF83639E33CB380372190D
                                                                                                                                                                                                                                                                          SHA-256:8838C29209263BDCFA6158FA2AB8747C16B8028AD38169857A6152255FD43CE0
                                                                                                                                                                                                                                                                          SHA-512:B4B3F9B09E3307880D24AB086F62AE494FB19052B4A4515F45EC2156075F4A6AC96EA206DF908801738C8C7D3155D5FAEEE699BE319FF1A9152BB811644744EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1705502350607&}&action=default
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (15572), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15737
                                                                                                                                                                                                                                                                          Entropy (8bit):5.43362108203076
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+xXjn6fLBNGH9D3cwSipnlL8BGzK0SbrI81LVCn6Kqtv60:CALn8fSipnCT0irI8Jgn6Kqtv60
                                                                                                                                                                                                                                                                          MD5:191608F4894375D7BE4986A81D4C5B39
                                                                                                                                                                                                                                                                          SHA1:925E9CD4AEEA3C0EB4AF9F086DF14C447657AF1C
                                                                                                                                                                                                                                                                          SHA-256:CE4A3A2822BA4B06ED963FB73CEC12578A3882A0BB97A54F8BCC455B190959F4
                                                                                                                                                                                                                                                                          SHA-512:6A7958A40A7634E8F1182152F44AB52D5CF683753ABFC301148AB6A59C868B29C64643DA533E61DE88F0D9DA0D17FA8E23324CBADE75A644B6217E4239C4F88E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=GRYI9IlDdde-&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (724)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1794
                                                                                                                                                                                                                                                                          Entropy (8bit):5.186419254133929
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:UOgXlnpVgBvYL8YLUYLgunYLgl60uxYMTw0sL8ZrktHATX1yrWSwEr5WiEW0JoI0:QpgSHfsnsXImvLkktgTu54LJoIica
                                                                                                                                                                                                                                                                          MD5:84B1C8EE7CB5400E9A8857B538731127
                                                                                                                                                                                                                                                                          SHA1:3180CA58C7C239643A5FF106AD624D923D0821EE
                                                                                                                                                                                                                                                                          SHA-256:BB25C85A1F4D76BC95DAAB190FD62C18C082D5ED84FD0C5320B9EA6AB0A8B84A
                                                                                                                                                                                                                                                                          SHA-512:A7F3FF62C05C54E3FBAA220221581144515B1014DE126D886AFE1FDD54B66F976A58B2E874BC00339E0CCEDE26D37DA1D3403A61350F34CC7C5DDFDBBFB07758
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/piXcg3ZJdR_.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5024)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5196
                                                                                                                                                                                                                                                                          Entropy (8bit):5.376490078122449
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:iLRIferbBcOCRla+7Rzkz18ZxytPVKwDnt5W2NNHWDlORvvhnhX4:wIIqRAF6/K9DnSmPN5ho
                                                                                                                                                                                                                                                                          MD5:82FC10F1E1064AEC1A47878048F77865
                                                                                                                                                                                                                                                                          SHA1:107BDE360F5E2685A92A43405C2E65C084630F30
                                                                                                                                                                                                                                                                          SHA-256:9529DE95D4387711FF7CC2D87D279217CF54C08EA9977AC1B649BB5B48A3657D
                                                                                                                                                                                                                                                                          SHA-512:0A4712B16539E2A7C23C0EB2ED6276D8C1B41A83CD69ABB32CB38C76BB3F3E90832D3FF552EA78D08A5F3982CA9EC943D2FA1BD046D512C0BB455D4FB2038183
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.SideNav~bundle.MultiAccount~bundle.JobSearch.2178fe2a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3684
                                                                                                                                                                                                                                                                          Entropy (8bit):4.780503743341751
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:CXQSfzclE2Bc4N/waCVAh+m8CE2n1HNBRjVO2PGPLYOgzypH6YB:WQAzSE2BB9/c1CEEtoFUOgzs6YB
                                                                                                                                                                                                                                                                          MD5:B7A7E43284E2FFE806AC1BC27C1F6A87
                                                                                                                                                                                                                                                                          SHA1:E8196489E2AE99EC6EB33995B5A3E108D6E44DE0
                                                                                                                                                                                                                                                                          SHA-256:C3A7C646A1305017F22423030CB5A12ACC9F96B64013DCEF7AEB80567B542CBB
                                                                                                                                                                                                                                                                          SHA-512:757E4F382A864CAC9F975220C28586F5EA415B2E2215375C1A47E011A9190FCD15313D399007539F150A6DF0378B8F2022AC88E995693AB03A9F5656BFE40832
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3684
                                                                                                                                                                                                                                                                          Entropy (8bit):4.780503743341751
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:CXQSfzclE2Bc4N/waCVAh+m8CE2n1HNBRjVO2PGPLYOgzypH6YB:WQAzSE2BB9/c1CEEtoFUOgzs6YB
                                                                                                                                                                                                                                                                          MD5:B7A7E43284E2FFE806AC1BC27C1F6A87
                                                                                                                                                                                                                                                                          SHA1:E8196489E2AE99EC6EB33995B5A3E108D6E44DE0
                                                                                                                                                                                                                                                                          SHA-256:C3A7C646A1305017F22423030CB5A12ACC9F96B64013DCEF7AEB80567B542CBB
                                                                                                                                                                                                                                                                          SHA-512:757E4F382A864CAC9F975220C28586F5EA415B2E2215375C1A47E011A9190FCD15313D399007539F150A6DF0378B8F2022AC88E995693AB03A9F5656BFE40832
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (663)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3238
                                                                                                                                                                                                                                                                          Entropy (8bit):5.364594322454931
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:o7jSOfbs/yYsLprLfGS4dNQ8jsaw9wme71XQKJCLbjC+pqmDMPtli23rw:ovZTIEtKHdOPGaKJCLbjC+ubw
                                                                                                                                                                                                                                                                          MD5:65BA50756588185A6391E750B28B06BA
                                                                                                                                                                                                                                                                          SHA1:E634CDDE8E44A7C3CA8D34FCC1F3235A72A7C9F7
                                                                                                                                                                                                                                                                          SHA-256:325E5141A04513B760AC5CBB1A3AA21BCDF795616E76A81B199FECEBE46FF713
                                                                                                                                                                                                                                                                          SHA-512:925DC827DB819A6B7AAAA27CB4CB52F808A64813220C8E3146C061DCBF4A31AA4808CA7D702111F2C22214F8FA20235E954EAC6E9F156AAEB9922289B26190B2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (24681), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):60854
                                                                                                                                                                                                                                                                          Entropy (8bit):5.237035743895263
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:AEJpvhd5dY0KEApMyw+l/oOJz9owymlgaUYCOlb+OeaLJIt:AEr5n6EhZkyuLJIt
                                                                                                                                                                                                                                                                          MD5:BF7E930C75C0FEC002110E9B34D8AA7D
                                                                                                                                                                                                                                                                          SHA1:92EAB00D40336B37E15583EF5D385B6B4E7A0A61
                                                                                                                                                                                                                                                                          SHA-256:FB1E3D2F0CB6E7D4E141CA84C8119F9A544C822B0BAF2F94F3073B84576770D8
                                                                                                                                                                                                                                                                          SHA-512:BE289CA1EA1355D5AA7508F145A4323FE20F875957CCB410222B7A8258ED4F3E8AFF72D00B1DA20CD04F8A7EFF3FC66C91FBF40EFAD877AED609DBFB039D4449
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/login.js?v=v36TDHXA_sAC&l=english
                                                                                                                                                                                                                                                                          Preview:"use strict";....function CLoginPromptManager( strBaseURL, rgOptions )..{...// normalize with trailing slash...this.m_strBaseURL = strBaseURL + ( strBaseURL.substr(-1) == '/' ? '' : '/' ) + ( this.m_bIsMobile ? 'mobilelogin' : 'login' ) + '/';...this.m_strSiteBaseURL = strBaseURL; // Actual base url, not the login base url above......// read options...rgOptions = rgOptions || {};...this.m_bIsMobile = rgOptions.bIsMobile || false;...this.m_strMobileClientType = rgOptions.strMobileClientType || '';...this.m_strMobileClientVersion = rgOptions.strMobileClientVersion || '';...this.m_bIsMobileSteamClient = ( this.m_strMobileClientType ? true : false );...this.m_bMobileClientSupportsPostMessage = rgOptions.bMobileClientSupportsPostMessage || false;.....this.m_$LogonForm = $JFromIDOrElement( rgOptions.elLogonForm || document.forms['logon'] );.....this.m_fnOnFailure = rgOptions.fnOnFailure || null;...this.m_fnOnSuccess = rgOptions.fnOnSuccess || null;.....this.m_strRedirectURL = rgOptions.strRe
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5151)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5374
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2061349381256
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:6xDnYKol2BQkYhsE/k1/5t8PEhmgC8bKkyNiez9M5JYZMtLBCmxfv:Y9WTkYhQz0KYie5mtNv
                                                                                                                                                                                                                                                                          MD5:723EF9CE141A8D40F644CC7FB4953698
                                                                                                                                                                                                                                                                          SHA1:50A89C4BF8B2E3398C16A1F0315884BC4B4A589E
                                                                                                                                                                                                                                                                          SHA-256:900117500F3685C3424EC52979DC06B8EB9FB0BE6903E245CDD887C7236F0C7A
                                                                                                                                                                                                                                                                          SHA-512:0D4F3292C4F021C6D5E799AEF24A1BC2EA2687DA622731DE70CBA877CE32284373B5A2F6A513AAEDAAC0DDFB7FEC727D9DD826EDAAB825D3F74DDA34B78B7AC9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~loader.DashMenu~loader.SideNav~loader.Typeahead~loader.AppModules~loader.DMDrawer~bun.725585ca.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):832298
                                                                                                                                                                                                                                                                          Entropy (8bit):5.627438257183635
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:OsVgireDVwYy2tcYbeOlhb4XbE0yv2vxa7cL15rv69SGzoz1p2Zv5QVuYM2iOyvH:OJ//hbJlhELE0yv0xagXrkSG28vH
                                                                                                                                                                                                                                                                          MD5:034C36D18F2A3DC7F9D13CF78D57A549
                                                                                                                                                                                                                                                                          SHA1:DA1EC8ABB8282C882E7254963934F3E0E3E23188
                                                                                                                                                                                                                                                                          SHA-256:20AC7252C2880C0CF986EF08A8E21E6C41FBF910AA4C44F44F474E45D3882E8E
                                                                                                                                                                                                                                                                          SHA-512:3CB8FF77A509BF9A61B0BE4258DD995C36D920EA6E8DB6557598AC5B8ACE941CC45B774144F9F97BFADAC90DC05272D0FC0B8615A0A7202543690A2F3D10CF54
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/main.js?v=A0w20Y8qPcf5&l=english
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/..(self.webpackChunkstore=self.webpackChunkstore||[]).push([[179],{51194:e=>{e.exports={FocusRingRoot:"focusring_FocusRingRoot_3PH_X",FocusRing:"focusring_FocusRing_1IZrQ",flash:"focusring_flash_1YTKZ",growOutline:"focusring_growOutline_Z3LxS",fadeOutline:"focusring_fadeOutline_2hZu3",blinker:"focusring_blinker_3wFMM",DebugFocusRing:"focusring_DebugFocusRing_YxeOZ",FocusRingOnHiddenItem:"focusring_FocusRingOnHiddenItem_2OusV"}},87123:e=>{e.exports={ScrollPanel:"scrollpanel_ScrollPanel_1CXdi",ScrollY:"scrollpanel_ScrollY_313lB",ScrollX:"scrollpanel_ScrollX_1oRGo",ScrollBoth:"scrollpanel_ScrollBoth_3S2Ko"}},74736:e=>{e.exports={HoverPosition:"hoverposition_HoverPosition_3XUAN",Ready:"hoverposition_Ready_qEo88",NoSpace:"hoverposition_NoSpace_2NTbb",EnablePointerEvents:"hoverposition_EnablePointerEvents_2MP9n",HoverAboveModal:"ho
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3777
                                                                                                                                                                                                                                                                          Entropy (8bit):7.855078020337897
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:W5Zsk8bb6l5qnCoghGfkm37QP00rqGDXrg/sG3vUx+Iocg2fkjGfkjky:W5H8o5qe0Mu7600WiXE/v3ve+Is2MjGm
                                                                                                                                                                                                                                                                          MD5:EABC76EB57FEAE44ADD7FAEAD028521E
                                                                                                                                                                                                                                                                          SHA1:4E3E53938FAD15661D2D046A868338841A95DB19
                                                                                                                                                                                                                                                                          SHA-256:FC9E6260A2706AE146282D77E67BC1B74688435F8912AB4C1932641EEC28BFFA
                                                                                                                                                                                                                                                                          SHA-512:5C6DA6EEEFDDF321C2BC7E39A134E0A3140A9F93AD1560B2E102EF60EC218C29AAE14ED344C79E25CC5493CD15551040D8C909DE28DCAB02034D787563104E07
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):65441
                                                                                                                                                                                                                                                                          Entropy (8bit):5.030761148036821
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:tIipojPGlIr8vKP0DPLX7uE+6ZrstVjIc1s73+lPBfTpErw9JuEHPVoglPdYK5aO:tIip4P8Ir8vKP0DPLX7uE+ustVj11s7S
                                                                                                                                                                                                                                                                          MD5:EB3B3278A5766D86F111818071F88058
                                                                                                                                                                                                                                                                          SHA1:333152C3D0F530EEE42092B5D0738E5CB1EEFD73
                                                                                                                                                                                                                                                                          SHA-256:1203F43C3293903ED6C84739A9AA291970692992E310AAB32520C5CA58001CEA
                                                                                                                                                                                                                                                                          SHA-512:DD9DDC1B6A52AD37C647562D42979A331BE6E6D20885B1A690C3AEEE2CFC6F46404B994225D87141CA47D5C9650CC66C72A118B2D269D2F3FDEA52624216E3BC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/underscore-1.13.4.js
                                                                                                                                                                                                                                                                          Preview:(function (global, factory) {..typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :..typeof define === 'function' && define.amd ? define('underscore', factory) :..(global = typeof globalThis !== 'undefined' ? globalThis : global || self, (function () {.. var current = global._;.. var exports = global._ = factory();.. exports.noConflict = function () { global._ = current; return exports; };..}()));. }(this, (function () {..// Underscore.js 1.13.4..// https://underscorejs.org..// (c) 2009-2022 Jeremy Ashkenas, Julian Gonggrijp, and DocumentCloud and Investigative Reporters & Editors..// Underscore may be freely distributed under the MIT license.. ..// Current version...var VERSION = '1.13.4';. ..// Establish the root object, `window` (`self`) in the browser, `global`..// on the server, or `this` in some virtual machines. We use `self`..// instead of `window` for `WebWorker` support...var root = (typeof self == 'object' && self.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.284183719779189
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tXMlSNDrPUbql:t8lSBjUbql
                                                                                                                                                                                                                                                                          MD5:89A022138DAA614E95AD7A3B9AE198C9
                                                                                                                                                                                                                                                                          SHA1:7D91DA531C71F444BE043BB095B3C9FE45D36BD6
                                                                                                                                                                                                                                                                          SHA-256:D1A7039F33569760901D2298295A6EDE0841EF03BF01C080B407941004DAA915
                                                                                                                                                                                                                                                                          SHA-512:D7A228A873307228BCB7C48C96016A390A54961322D9A68DE2C8142BD4D208C47C39BA24EF202AB367E86B6F6BF1B2E537840C3A295DA5EFD94DAF3880183BE0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmpxiXbITt9jxIFDZFhlU4SBQ01hlQc?alt=proto
                                                                                                                                                                                                                                                                          Preview:ChwKDQ2RYZVOGgQIVhgCIAEKCw01hlQcGgQISxgC
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5430
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6534652184263736
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                                                                                                                                                                                                                                          MD5:F3418A443E7D841097C714D69EC4BCB8
                                                                                                                                                                                                                                                                          SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                                                                                                                                                                                                                                          SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                                                                                                                                                                                                                                          SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/favicon.ico
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):95538
                                                                                                                                                                                                                                                                          Entropy (8bit):5.436334510106879
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:8Aa0TZtPgFqdho7ia+2O9UMyc9nh7Hq2E:LTZtYFwF95ycFJKX
                                                                                                                                                                                                                                                                          MD5:727CBFA3B7290D35E267891F582F88B1
                                                                                                                                                                                                                                                                          SHA1:AA9B4CE6826B46DB56E8FCAE0D1284248BF6C278
                                                                                                                                                                                                                                                                          SHA-256:A5951034FFBA6569EF62BEFC21854C90CD987F3935BF1826E5455ED47EECB5E2
                                                                                                                                                                                                                                                                          SHA-512:271A8A1D392C81490D01079F8C9C9856ED3E73CC552895B9C290E19CB06E953D247FE410A5641B95801109E4DDC65C98F8335E8236E83195B4BF0BE0E61808C4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/6s06vlv92ffjugj7k5xnkp5m9
                                                                                                                                                                                                                                                                          Preview:!function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=114)}({0:function(t,e,n){"use strict";n.d(e,"j",(function(){return u})),n.d(e,"x",(function()
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 176 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2584
                                                                                                                                                                                                                                                                          Entropy (8bit):7.591818812076699
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:4wqQNn2xoJ35l3QWpQSufhbTCFV0Q0jkIPIH+UCKPnaqiLruSd+1w:oY2ml31ZCdqWQMkADnK41d+1w
                                                                                                                                                                                                                                                                          MD5:86A9CCC0B872F22006A48BC6C2500F4E
                                                                                                                                                                                                                                                                          SHA1:0EDCCF2CBC869816135C6FF4C3EEE0C49D0F41C1
                                                                                                                                                                                                                                                                          SHA-256:D8BBE461137D50211568449468A1981EF189248200EADD48C3141A9DF0B8F7FC
                                                                                                                                                                                                                                                                          SHA-512:43EBD681FE137718E45153B9CE062CE9426AC57D6CE907BD3B1C7709BF6F6D2AB4B49E22F2DC4F203DEDF860A895A4B58F4A01095E97722CE5F27935038F0B56
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/images/footerLogo_valve_new.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (361), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):57258
                                                                                                                                                                                                                                                                          Entropy (8bit):5.243366680566906
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:kHHithZY2ucy8vQfVYvArYRaeNBJk0XHBkwQ+JOJSk3acbAHEvaSlEP04rn/xENj:of8JXNrhBcRTUEFwiKYfBn
                                                                                                                                                                                                                                                                          MD5:3D42397BCB312EC07D70AE0D68FBADDE
                                                                                                                                                                                                                                                                          SHA1:3AF248D34E6A31B3D3269C65505458D42372EF0B
                                                                                                                                                                                                                                                                          SHA-256:53961D66B24EF8CC16B6CB5CB249CDF311AA89B6AFC70F06A242FCCC3A4EFCD3
                                                                                                                                                                                                                                                                          SHA-512:F4C325A231B11CE6A3E2899367E081CD6AC2E7AC1469542414BA0E3B57DF5897DF51615E2AD0AB6559E6B38003FFDBFA533C6E5701D0BC2F40FAE80EB4332348
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (1072)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):8495
                                                                                                                                                                                                                                                                          Entropy (8bit):5.275440798203752
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:aenh+xzLOqNq/3txta6YwphRxmMEn2bxHKnxMW2bxzKnxFaSDx+9t/lUVVF:aih+xnc/3Pta610n+TWMeSjNkF
                                                                                                                                                                                                                                                                          MD5:B7BD115B310E7F17BB2F8B172A2D1F79
                                                                                                                                                                                                                                                                          SHA1:6BC35CE3A66B6AE45711558614B1E244C92E0389
                                                                                                                                                                                                                                                                          SHA-256:CE3C98C5826D3F5975B902E5B780C07240C61A6AE49DFC7CEEEE0E0705005594
                                                                                                                                                                                                                                                                          SHA-512:6C1D43BC27C1FD0CD2E012D05DBA8341067C9E4B7FFBC30A22B67DE178CD61F5A0E49C0CF8CB8CE01F60BA0A3AF8062E9500845D707AA7B5D70FD53D96F3FF38
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (9373), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):9373
                                                                                                                                                                                                                                                                          Entropy (8bit):5.495508762342706
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:AzkB3cEku5jE2RYu7J7IwHBq5+fLV8txbd67wlq0yThr+Cw:dB3cNuBEw7RIwHBq5MLV8riwlq0Ohr+t
                                                                                                                                                                                                                                                                          MD5:F6A60CEEF951E2E9C7A7548CD001FABC
                                                                                                                                                                                                                                                                          SHA1:1F756FD4769FAC822D65883D1A868C648B704F92
                                                                                                                                                                                                                                                                          SHA-256:4C57B69732A2FE12E9342F2AD1ADBFF4EBE945DC7662D03E91B4464A5289D7FD
                                                                                                                                                                                                                                                                          SHA-512:CD8AE62E41A836145BBD135354A7986529B246C05239BE4EDD4E1D3A8BEA2FEA3199713F1364F0BD3B23C537F6F84D15C27F804BE1C23C8452626A0A4082ACDC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.epicgames.com/id/login
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65254), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):183051
                                                                                                                                                                                                                                                                          Entropy (8bit):5.056133474270259
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:zwAA36oGqNyrrdiEEUl3SoZsJcl1jv2vQErjitufgFwfzr6oQfV38rLObbAlU:zLHdiUMm1sQErjMufgFwfzr6oQerLY
                                                                                                                                                                                                                                                                          MD5:C6E88CA5A300CBF9AAC9544A466E004B
                                                                                                                                                                                                                                                                          SHA1:3D3A388778CB7EB47EF7DB45DD1C90465579E4B8
                                                                                                                                                                                                                                                                          SHA-256:112FC8228766C76911DD74F1930F2967C60C10994B96C05EA342635FF11BF0C3
                                                                                                                                                                                                                                                                          SHA-512:2484105B517EF0F937110C94E818DF16632F8233C1C0B7D1F7CF3A624001F5677CEC00CFA2542883ECB472BB1C0D5EA3E41B0661B4ACED524C5C8BC2B414708F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/shared_english-json.js?contenthash=3e0fa891e0ead12a1cbd
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (718)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):941
                                                                                                                                                                                                                                                                          Entropy (8bit):5.357077661086532
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:iWGKfWGE5dNUG1b79VKYqIE7504lpTigQ9gxgCBmrpZWmkNUG1bY:iI+NUG19cd17VqeglXWmkNUG1U
                                                                                                                                                                                                                                                                          MD5:CEAAC41456859D31263A7458F7DA736C
                                                                                                                                                                                                                                                                          SHA1:D91098D4CEDF08591D6AB9D7013B4CF63B376C5B
                                                                                                                                                                                                                                                                          SHA-256:1B6922C155FBDCFF03D177D48A21075884C9B60EFB24DC743A5A3D8762030E22
                                                                                                                                                                                                                                                                          SHA-512:28F436D1ADFAB19057B49B076DE6CD495E1653E167207134DB7B777D283B3A642568BD8BD01AD8F2977B662E3EF101B94EF0F508D56E297A033637E5F50F187A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.DashMenu~loader.SideNav~loader.DMDrawer~bundle.MultiAccount~bundle.AccountAnalytics~bundle.Comm.7adf520a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):33514
                                                                                                                                                                                                                                                                          Entropy (8bit):5.060602493646791
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:jDy9k42NxFGFsFeesFGFsFeSXqHcFGFsFe6XXqHjFGFsFeF2kFGFsFeFXFGFsFes:jDy9k42NxI6EesI6EMI6E/I6EgkI6EdJ
                                                                                                                                                                                                                                                                          MD5:D4BFBFA83C7253FAE8E794B5AC26284A
                                                                                                                                                                                                                                                                          SHA1:5D813E61B29C8A7BC85BFB8ACAA5314AEE4103E3
                                                                                                                                                                                                                                                                          SHA-256:B0169C2A61B9B0DDC1D677DA884DF7FD4D13CE2FD77255378764CCA9B0AA6BE6
                                                                                                                                                                                                                                                                          SHA-512:7D41C055D8AB7CE9E1636E6A2EE005B1857D3CB3E2B7E4B230BBDCC2FC0BA2DA4622EED71B05FB60A98F0CF3CBDA54AC4962BCDB2344EDF9B5DFBCCD87A4925A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/css/app.css
                                                                                                                                                                                                                                                                          Preview:/** method responsible for loading the background image set in CSS **/.@-webkit-keyframes rotation {. from {. -webkit-transform: rotate(0deg);. transform: rotate(0deg);. }. to {. -webkit-transform: rotate(359deg);. transform: rotate(359deg);. }.}.@-moz-keyframes rotation {. from {. -moz-transform: rotate(0deg);. transform: rotate(0deg);. }. to {. -moz-transform: rotate(359deg);. transform: rotate(359deg);. }.}.@-o-keyframes rotation {. from {. -o-transform: rotate(0deg);. transform: rotate(0deg);. }. to {. -o-transform: rotate(359deg);. transform: rotate(359deg);. }.}.@keyframes rotation {. from {. transform: rotate(0deg);. }. to {. transform: rotate(359deg);. }.}./* Lib */.#main .headContainer {. margin-bottom: 10px;.}./* mobile ---- */.@media all and (max-width: 767px) {. * {. -webkit-tap-highlight-color: transparent;. -webkit-touch-callout: none;. }. header.headContainer {. width: 100%;. }.}./* Animator setting
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):25417
                                                                                                                                                                                                                                                                          Entropy (8bit):4.641664509877341
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:fe93jGIJI2AN/yRikI+aDDe2MJS0KYqKDmBVogMorGNq49n7jneB54DpJqhhwAW4:Y4+/KBVC7xVs
                                                                                                                                                                                                                                                                          MD5:4FB1FFD27A73E1DBB4DD02355A950A0B
                                                                                                                                                                                                                                                                          SHA1:C1124B998C389FB9EE967DCCF276E7AF56F77769
                                                                                                                                                                                                                                                                          SHA-256:79C488E61278C71E41B75578042332FB3C44425E7DBB224109368F696C51E779
                                                                                                                                                                                                                                                                          SHA-512:77695F1A32BE64925B3564825B7CB69722A2C61B23665D5B80B62DEC5692579C12ACCABB970954F0BF73DFDBF861BF924F7CC1486E754E3A8F594B2969F853F2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/dust-core.js
                                                                                                                                                                                                                                                                          Preview:/*! Dust - Asynchronous Templating - v2.6.2.* http://linkedin.github.io/dustjs/.* Copyright (c) 2015 Aleksander Williams; Released under the MIT License */.(function (root, factory) {. /*global define*/. if (typeof define === 'function' && define.amd && define.amd.dust === true) {. define('dust.core', [], factory);. } else if (typeof exports === 'object') {. module.exports = factory();. } else {. root.dust = factory();. }.}(this, function() {. var dust = {. "version": "2.6.2". },. NONE = 'NONE', ERROR = 'ERROR', WARN = 'WARN', INFO = 'INFO', DEBUG = 'DEBUG',. EMPTY_FUNC = function() {};.. dust.config = {. whitespace: false,. amd: false. };.. // Directive aliases to minify code. dust._aliases = {. "write": "w",. "end": "e",. "map": "m",. "render": "r",. "reference": "f",. "section": "s",. "exists": "x",. "notexists": "nx",. "block": "b",. "partial": "p",. "helper": "h". };.. (function initLogging() {. /
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3564
                                                                                                                                                                                                                                                                          Entropy (8bit):4.920420499731642
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:gm8sIY/0E8/jFKNGdBr9wFafSzqKo1NX+JiYCHVnb7RzmM6EWclslaEWu+xMRfU6:xpIY98zN9CXzmsPyxbZ2EWaErdNF
                                                                                                                                                                                                                                                                          MD5:12E5657A61A6A578E4122B6B5B79348F
                                                                                                                                                                                                                                                                          SHA1:2F1DDE1B74A554CBDBF6764C8E84D645EDFA5862
                                                                                                                                                                                                                                                                          SHA-256:A3C9F1EE51287C4CEC2F44AE30887B767E0D7B024CE49F5FB7C8C26A337D7E3F
                                                                                                                                                                                                                                                                          SHA-512:22D4077F3F27C4F147BA750B4D5859ED36F676FC5B8E54516869C1FE94AECB8C2F1D5933F6993E5F46A838D5D6A66129E191DD03D8219C32E8121DD13509D9C6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/view/pageView.js
                                                                                                                                                                                                                                                                          Preview:/*global define:true, s:true */..define(["jquery", "backbone", "BaseView"],...function ($, Backbone, BaseView) {...."use strict";....var PageView = BaseView.extend({.....model: null, // Backbone model.....trackingPrefix: 'main:auth-challenge:::',.....request: function(options) {......return $.ajax({......dataType: "json",......url: options.url,......data: options.params,......type: options.method,......headers: {......."X-CSRF-Token": this.model.get("token") || $(document.body).data("token")......},......timeout: 15000,.......success: function(response) {.......return options.success.apply(null, arguments);......},.......error: function(xhr, textStatus, errorThrown) {.......options.error.apply(null, arguments);......}.....});....},...../**.... * Set the footer correctly..... * It should be position: fixed when window is tall enough..... * It should be position: static when window isn't tall enough.... */....setFooterPlacement: function() {.....var totalContentHeight,......windowHeight
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (7990)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):94376
                                                                                                                                                                                                                                                                          Entropy (8bit):5.474209234523721
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:tbIFCQ6oxcLY2kiAGWx0KDCJcrjrMwmvsPD3o4CQ5EcFiN7:tb+tiLY2kiAGWx0KDCJcrjrMwmvsPJCf
                                                                                                                                                                                                                                                                          MD5:D30968EFEAD2C4A472BC43EE61D33703
                                                                                                                                                                                                                                                                          SHA1:D7AF993D09603C3376F06CE4241F5F537880D595
                                                                                                                                                                                                                                                                          SHA-256:ACFBD0FF2C575D67FF2E5CB994B7A36547380E3F968035A65EE645EC0C1A7F09
                                                                                                                                                                                                                                                                          SHA-512:DCB38CB6C8A7C2B6A80AD4339729C9F6FC931ED82ED12E72A943F93F4FCAAFCC3ED3B6F55BC0D2907AADEAB459BD12E6F698DA6B09FD7A2E6BAE144A3DB57D9A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3ix8E4/yj/l/en_US/qGs60wT1cVm.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (43448), with NEL line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):143485
                                                                                                                                                                                                                                                                          Entropy (8bit):5.413355635096018
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:bOhZOcK5C4V/qqHZPWBBJ6qzwqCKuR0KM9M5DQmXlkRKKFJ9QHHxXkE4NRRTYF17:Kucy1HZwv6q8qCRR3MO5hoRBD0
                                                                                                                                                                                                                                                                          MD5:A2B383F006C9484F3DFC2D433E205805
                                                                                                                                                                                                                                                                          SHA1:FBBE1D999A1180987DB11E4A250681DC7B117D5B
                                                                                                                                                                                                                                                                          SHA-256:5C5182E139635B9164F1F08D45778007047CAC78688A866C7190C1E6C21F3582
                                                                                                                                                                                                                                                                          SHA-512:E77E058EBB0727A1E70F4626CBF032EA4FA02F0D8D95ADE744E3857F8FF6F4690AA0ABDC5E347E1158EBD0830353EB18085306770A4E5084995BFACB91E1A5E9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-serviceworker/serviceworker.4f2224ca.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (715)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):50702
                                                                                                                                                                                                                                                                          Entropy (8bit):5.373070303650078
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:Ifd/sRuiALPAavkj70bI5D4nDltOC2B7F:IfdURZGvkjob44J8F
                                                                                                                                                                                                                                                                          MD5:44CA3D8FD5FF91ED90D1A2AB099EF91E
                                                                                                                                                                                                                                                                          SHA1:79B76340CA0781FD98AA5B8FDCA9496665810195
                                                                                                                                                                                                                                                                          SHA-256:C12E3AC9660AE5DE2D775A8C52E22610FFF7A651FA069CFA8F64675A7B0A6415
                                                                                                                                                                                                                                                                          SHA-512:A5CE9D846FB4C43A078D364974B22C18A504CDBF2DA3D36C689D450A5DC7D0BE156A29E11DF301FF7E187B831E14A6E5B037AAD22F00C03280EE1AD1E829DAC8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
                                                                                                                                                                                                                                                                          Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3845)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):17683
                                                                                                                                                                                                                                                                          Entropy (8bit):5.308987364842225
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZpdjjASSX0IwihHlVfTniiwacpQ9QhfOLuwUjuTZsL/LCPKLiFtLxnBfyyDLUba0:L9jAScDFwk9Q0KwTJXqS3TGeatU2
                                                                                                                                                                                                                                                                          MD5:9396C0184D290C575AFB2A5835BA359C
                                                                                                                                                                                                                                                                          SHA1:80DA7446E6976D050618DFB45CD41138BCD388E6
                                                                                                                                                                                                                                                                          SHA-256:BC18C0FE793F3720DD6C52BDE4737ACD1E3B90E3418C9DF7B1F6C674740130A0
                                                                                                                                                                                                                                                                          SHA-512:B1877898FAAC4B42A8D74E6E7F1A2E69403A31C8EBC73DAB12067C81C7BBE3CF88DAA329A3069385A098B01D3331D69318163DFCE70993E97A8D21AD0DB25ADE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/z8iN9p2rYBG.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (687)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):4134
                                                                                                                                                                                                                                                                          Entropy (8bit):5.372195203947504
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:veAm8QiotY/wrgKIVzje85IdYS3S3s9ToXG2XGfXMskjsSoUysRAT7XlskD5aQ0J:GQCtvQnRMH3SOc7UCjoUyNjInUusw
                                                                                                                                                                                                                                                                          MD5:AD7B1FB9C8BC165B42508DC147796AC2
                                                                                                                                                                                                                                                                          SHA1:36E3BC93E74FDFBB170B18EB865A65588EFCC04D
                                                                                                                                                                                                                                                                          SHA-256:B8ABD62C93FD04D04FD699794D1FB3B3363BBE9EDB28068CC16511DA663DB315
                                                                                                                                                                                                                                                                          SHA-512:C945A1442B50A01990464EE0C0D44782E6579B1BB110101951B9E488F40A7584D8ABE1925C7767CF905553A4C6F51F1DFC2B25CFB540684060C19E55CD48EEEA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=NTMZac,sOXFj,q0xTif,ZZ4WUe"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1819), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):86631
                                                                                                                                                                                                                                                                          Entropy (8bit):5.670274318858828
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:DTYiHUrJv7oAM2PW6tNEEIqbvRC8QWQMJdiJpJxfUaEFxfsN/WCcZsb98ckbYrcC:auJxFEr5CRe7+iSgu873pO9EdUnweoQr
                                                                                                                                                                                                                                                                          MD5:3300D9B24D51034CA8717DCE363CCAF7
                                                                                                                                                                                                                                                                          SHA1:B36AA790D60F743F2F724624991AC81A0B9465AD
                                                                                                                                                                                                                                                                          SHA-256:6F252E49F8122DFC13A74ECC838EDC4A60280BFE2866CE70F5A25AD2EEE92005
                                                                                                                                                                                                                                                                          SHA-512:2840045F5AA428B313AAB4563183399EAFA9C0B2CB5BFA349F5AC77B7D8D4C2EA84F010591E460915DBA67359EFD9D00E0EFEA6092BA9CF565713D1AECF850EC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=MwDZsk1RA0yo&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (948)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1147
                                                                                                                                                                                                                                                                          Entropy (8bit):5.378216381099995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:iWGKfWGE519sZuLIFnKZkOrZpSGQHtI/5WQaQPWy+4i2pS3WmI9sk:iI+994f+ZqyWreWy32WmI9n
                                                                                                                                                                                                                                                                          MD5:2D7B1637BEEA5D616C9AA166EDEA4F67
                                                                                                                                                                                                                                                                          SHA1:3CACF19B7535FC7E4C331B88873687399A2FC3C2
                                                                                                                                                                                                                                                                          SHA-256:594B86A5735915E8953D59B6A314AEC83C95E0D1BD33D05D4260846967B8D869
                                                                                                                                                                                                                                                                          SHA-512:D457ACD459302AF474A5B335C6643AD97A4B5132F3770467E91059086C91958E64CCA4CA40B03D1EEDAAA9D75C25E2436C879E4C68D184D0CB86050AC87CAE3F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AppModules~bundle.LoggedOutHome~ondemand.SettingsRevamp~bundle.Settings.826d060a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1836)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2203
                                                                                                                                                                                                                                                                          Entropy (8bit):5.174339137690541
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:JWkE6QNk+3h/BM75/dMwZwX1+kgz2i+k33lfhxYCLp1TLvoR:Qdh/BM9lLZe1+kpi/31zY2p1Pg
                                                                                                                                                                                                                                                                          MD5:BFACF4E8FD8DF9912A9049CE6A5572AD
                                                                                                                                                                                                                                                                          SHA1:2C1298F06EBD6A43EEF8A9AC3F6F10BA456DFD04
                                                                                                                                                                                                                                                                          SHA-256:EBF07F2876A1D4D8EB16D2EE5199E1CA34E7766696F4E4B6DADCC36070DCC379
                                                                                                                                                                                                                                                                          SHA-512:084767C26FB942BAF806E4C8262EFEDAC7F713DC9A673B5CACCB6CA773366B237490AEFAAA3077153D4F4224A9AD35725A659CF787D0E0415987B9FEB04694B5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/polyfills.b542ecef.chunk.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (775)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1479
                                                                                                                                                                                                                                                                          Entropy (8bit):5.29976786498676
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:kMYD7xeWDK011bB0qraNJSYOa/HTH3LNPi5si8Lkk4v/NGbBQGbk6FOA/dGlZmrw:o7x8011bu+YXZhfojv1GbBQGbP9FyZm8
                                                                                                                                                                                                                                                                          MD5:16FCE40330CC27A19E40EAF6EFF810F9
                                                                                                                                                                                                                                                                          SHA1:0A7AAEE23F5602D78BA63CD165DA7CCB275268A3
                                                                                                                                                                                                                                                                          SHA-256:AA1889B9FCAF667E32C3325B78B6759EAB8E05FC15A7D8528C49FEE623629904
                                                                                                                                                                                                                                                                          SHA-512:06D7CE7A7999BCF9F61602C2784ACD76DA366F882346D33D332D9C179263C09E56D1BC8723DE699269A7F6FC5E146F0364B9BBF17FA03181EA38DF0068B5A5DA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansMedium4.015;Plau;MotivaS
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):124048
                                                                                                                                                                                                                                                                          Entropy (8bit):6.074024700633004
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:v4Kkq/szjKJRIDCnR96guXgECINo28BZZDhpkemOXaxq4jKea8GyFLaE0Af0ffL9:vf/fxn7ElXxE0wS0fj9
                                                                                                                                                                                                                                                                          MD5:2D64CAA5ECBF5E42CBB766CA4D85E90E
                                                                                                                                                                                                                                                                          SHA1:147420ABCEB4A7FD7E486DDDCFE68CDA7EBB3A18
                                                                                                                                                                                                                                                                          SHA-256:045B433F94502CFA873A39E72D616C73EC1B4C567B7EE0F847F442651683791F
                                                                                                                                                                                                                                                                          SHA-512:C96556EC57DAC504919E806C7DF536C4F86892B8525739289B2F2DBBF475DE883A4824069DBDD4BB1770DD484F321563A00892E6C79D48818A4B95406BF1AF96
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (645)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):11085
                                                                                                                                                                                                                                                                          Entropy (8bit):5.397976873792712
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:8losmj1Uqu+oCNLuZnnpAqntv8XMfG0v8X6JPRAkZE:JUEoCNL6pNRG0vDn9K
                                                                                                                                                                                                                                                                          MD5:E2B71F92D13FFB96C2387E583ECF4F53
                                                                                                                                                                                                                                                                          SHA1:08D6A00E00FEA89DB40F7BA6120913FFBE29AD4D
                                                                                                                                                                                                                                                                          SHA-256:41F09DD845BD7D700BE0517F8FA0AB45F67DA98FD20C8986578419D6125A5FAD
                                                                                                                                                                                                                                                                          SHA-512:2720062FD56A7605D49C9FA3D18151DD4D38B9D007E7464511017FE9BE90C54B11AF5506B876FF5EDE0CA263B357312196C360A11FBAF9DA6C3CA3364D11EABF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/www-tampering.vflset/www-tampering.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 19 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):161
                                                                                                                                                                                                                                                                          Entropy (8bit):5.889732387119839
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlmztjllRl/HRthwkBDsTBZtmmAQGzlkWX0N/khY1RtjhCq/4cL+/XN:6v/lhPoJnDsp1AQIlBE91RtjhCE4cK/9
                                                                                                                                                                                                                                                                          MD5:F2DAE37ACAC6B9D5A91CAF1885C2F7D0
                                                                                                                                                                                                                                                                          SHA1:5F80FDDE9F702A1D7589BC5FAF88C14066E26C32
                                                                                                                                                                                                                                                                          SHA-256:93B1FBE4F6245B62BFD4C8C3347ABE0FE67ED711315E59BFADAEBC9873D8D9B5
                                                                                                                                                                                                                                                                          SHA-512:8D7FF7133AB97D81985C50FA8FD93916B42B1CE812AF21BC732DCAE45D59B9154FCC965857235D925C471DB191DFB79C0753C70C7A4D5B0285B908E396216805
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/popups/btn_arrow_down_padded.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):235
                                                                                                                                                                                                                                                                          Entropy (8bit):4.936937735664609
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:HVbMS+LAX8O0HrVfPJJB0BFiylWoKJQIBMCLIVyumlAvnVx6IUARC/31bMS+LAXc:KdOW1FQuXX6C8Vo+nViARCtUdOWAeEM
                                                                                                                                                                                                                                                                          MD5:1C1C6427A41D1DDB583AAAC4EBBC366D
                                                                                                                                                                                                                                                                          SHA1:9EA945976C143DFCC0704D72C3283A7F302D1BBF
                                                                                                                                                                                                                                                                          SHA-256:08757D3BF664231C664EEAF48DBBDC4A6FBDA852B8C9B0CA0A5F63814A15088B
                                                                                                                                                                                                                                                                          SHA-512:979287C54F9F7F2CACF4F5BD155F99792A5A858D28F60517A2D9C8F5304A92045D48E4A2B345E64B1220BD0B1B24DFB4FC8F252B4FFF3C52E258ABE2C69F66AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8
                                                                                                                                                                                                                                                                          Preview:............login_LoginContainer_2kLRm{padding-top:80px;padding-bottom:150px;display:flex;flex-direction:column;align-items:center}@media screen and (max-width: 700px){.login_LoginContainer_2kLRm{padding-top:12px;padding-bottom:0px}}..
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2050
                                                                                                                                                                                                                                                                          Entropy (8bit):4.751114111932053
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Kvs0QKsLGH7t9I6FdYWGT/aqTTj1RXXGFWAWUW1IJxFIe/Nf12lrlriXe:0sxKsW7t9t6HRaZeIJHIGNt2xxiXe
                                                                                                                                                                                                                                                                          MD5:5186E8EFF91DBD2EB4698F91F2761E71
                                                                                                                                                                                                                                                                          SHA1:9E6F0A6857E1FDDBAE2454B31B0A037539310E17
                                                                                                                                                                                                                                                                          SHA-256:BE90C8D2968F33F3798B013230B6C818AE66B715F7770A7D1D2E73DA26363D87
                                                                                                                                                                                                                                                                          SHA-512:4DF411A60D7A6A390936D7AD356DC943F402717F5D808BB70C7D0AC761502E0B56074F296514060D9049F0225EAE3D4BCFA95873029BE4B34C8796A995575B94
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/core/baseView.js
                                                                                                                                                                                                                                                                          Preview:/* global define:true */../**. * Abstract view which enables rendering contents with a template.. */.define([..'nougat',..'underscore',..'backbone'.],..function (nougat, _, Backbone) {....'use strict';.....var BaseView = Backbone.View.extend({...../**.... * The name of the template that represents this view..... * Must be defined for render to succeed..... */....template: null,...../**.... * A default implementation of the standard Backbone render method..... * Handles rendering a template with the current view model..... * @returns the current view instance.... */....render: function () {.....var renderer = nougat.viewRenderer,......template = this.template,......data = this.serialize();......_.bindAll(this, '_doRender', 'renderError', 'afterRender');......this.beforeRender();......renderer.render(template, data).......done(this._doRender).......fail(this.renderError).......always(this.afterRender);......return this;....},...../**.... * 'Protected' imlementation of what to do with tem
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3175
                                                                                                                                                                                                                                                                          Entropy (8bit):5.113464294316265
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:nbhJ7QEROj/XoucqKTXXwfcIPpIwx75TNFkbaVyQxI1lxBJw:bXTO/HcqmXj8IwJ5pFkbaYKIFrw
                                                                                                                                                                                                                                                                          MD5:2454DC0BF112B2541FBA37CFD2E4CBC5
                                                                                                                                                                                                                                                                          SHA1:E8E86957B77AA457C757B9D4231BD46F70176002
                                                                                                                                                                                                                                                                          SHA-256:18657DF333EEA496F8322AFC0903F5ABD740A53FDD71B0730F4070911CD704E9
                                                                                                                                                                                                                                                                          SHA-512:1AFB2B1C951B1304D00F39BC4E0027F95CD4D9CBF74346305E8604236212E299D5CC50E78128165EF1F46689377209BB645095BEA0C1D8A7378002254CCC27D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/view/authcaptcha.js
                                                                                                                                                                                                                                                                          Preview:/**. * Created by hdoan on 10/8/14.. */..define(['jquery', 'pageView', 'validation', 'errorDisplay'],...function ($, PageView, Validation, ErrorDisplay) {....'use strict';....var View = PageView.extend({.....el: '#captcha-standalone', // The dust template needs a section with id of 'captcha-standalone'.....//initialize form....initialize: function () {......ErrorDisplay.markError(this);......// Set back to hide on the popstate.....$(window).bind('popstate', function (event) {......if (!event.state) {.......$('.modal-overlay,.modal-animate').addClass('hide');......}.....});......// When the form is invalid, focus on the first input with an error.....Validation.on('invalidchallenge', function(form) {......ErrorDisplay.focusError(form);.....}, this);......// Adding handlers to validate form field.....Validation.init(this);......// Setting the page title.....$('title').html(this.$el.attr('data-title'));.....},.....events: {.....'click .captchaRefresh': 'refreshCaptcha',.....'click .captch
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (29578), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):136391
                                                                                                                                                                                                                                                                          Entropy (8bit):5.572786173847084
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:4EJeWhyN5aauUzwX31DXkWDPMPqdKZBYjB2nkyqglze5oHsvLNb5O:yzwDPMPDZg27Fsv1I
                                                                                                                                                                                                                                                                          MD5:B322A46583519C7213FAA5921A37C291
                                                                                                                                                                                                                                                                          SHA1:6B8B6439960C53A151536C0922D8E8B04677252D
                                                                                                                                                                                                                                                                          SHA-256:7C45FF98C3926F5B3C5A0EB03217E8AD4E300A522C76B3735C5D73BDC9A843F9
                                                                                                                                                                                                                                                                          SHA-512:8950092C16D3AFC81EE5D4D929868ADE38BA89EEAC6778D1D08724F5B8D91AB5D23D7DA3C735366FC0A9B7F5582821C8ECF743B5D2A0E729FE9A283D291AFA5B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/applications/store/main.css?v=syKkZYNRnHIT&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (19300)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):361068
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4046488010305875
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:amxmR8P2IcAry2dnFKLPGMZMP9bV4sSDQ7jlf1xfreW8Z:ar8PaAryCKLPGMZA9bVT7xeW8Z
                                                                                                                                                                                                                                                                          MD5:F08F2718F467DA1EF5BDF4A3E88DC187
                                                                                                                                                                                                                                                                          SHA1:CA25ED1E4072B2659796D1DDBBA23F7E253C430B
                                                                                                                                                                                                                                                                          SHA-256:86DD1F10D7F6B1896AF8EE96977D8C5C7D83E2D095B8923EE84EDD574E1DF39C
                                                                                                                                                                                                                                                                          SHA-512:ED9566B30B4491710E636D1634CF95EAC5470AC23B5D0433171B3368ADE0DF75D026ED35ABA9FD190B2E0F4BCFDE8B14CB7C32000DD9253C9C2564550AB37F95
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/E23g9b-s4oe.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (10892)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):11080
                                                                                                                                                                                                                                                                          Entropy (8bit):5.324675907750664
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:3qCoq+nQqOu+/Qoq+n5LcpM/bP8hOBea1bofDvGaP+9dh+VtMlFFp+D7uZEEao4:3Loq+nQAYQoq+n5LcpM4sBe+8fD+a2fi
                                                                                                                                                                                                                                                                          MD5:40B77DCE90333C41A76B72F9167D8895
                                                                                                                                                                                                                                                                          SHA1:9D5EADBE8C455DCB9C04F1E4B38452CEEB435DD0
                                                                                                                                                                                                                                                                          SHA-256:FB8E8E9F734FE5BFB4DF825179FB7701B7361D6DAF1CDD278FBC078615290B2A
                                                                                                                                                                                                                                                                          SHA-512:FE5C1D8EB23753B2C7FB0C55C9295FA0C35662ECE3E3426C5129EBE7F3EE753822F8A2A05279132B38394472569DD4F215227C6A9F709EB87C34EB4DB10BEC0C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.DashMenu~loader.SideNav~bundle.MultiAccount~bundle.JobSearch.f395e70a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (516)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):9642
                                                                                                                                                                                                                                                                          Entropy (8bit):5.435855411923511
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:flejPRjM65ile/Q0Y5CaNLMASVZkXK7aACjbN9LDXxdZ7G92tXL74dESC:1oURjwgXK7aAq9LDXxdZ7G0tXL74dESC
                                                                                                                                                                                                                                                                          MD5:DAC3D45D4CE59D457459A8DBFCD30232
                                                                                                                                                                                                                                                                          SHA1:946DD6B08EB3CF2D063410F9EF2636D648DDB747
                                                                                                                                                                                                                                                                          SHA-256:58AE013B8E95B7667124263F632B49A10ACF7DA2889547F2D9E4B279708A29F0
                                                                                                                                                                                                                                                                          SHA-512:4F190CE27669725DAC9CF944EAFED150E16B5F9C1E16A0BBF715DE67B9B5A44369C4835DA36E37B2786AAF38103FDC1F7DE3F60D0DC50163F2528D514EBE2243
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/scheduler.vflset/scheduler.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65272)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):633503
                                                                                                                                                                                                                                                                          Entropy (8bit):5.617988597220068
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:8su+dBqcsm0ciVXAiBRYtJ4SXZf34NgSmEJsO7bhGzqOYo5DOmHGAj91Y8wx7fHw:8p+vf3EZJHFo5DOmHGO4xw
                                                                                                                                                                                                                                                                          MD5:E61D8C93BD8A95C60CF1C96290C4878C
                                                                                                                                                                                                                                                                          SHA1:6B521F3472DF5AC4F58A6DAE1574ABD0D8E09DBB
                                                                                                                                                                                                                                                                          SHA-256:5FE456111775D6188EB4C3E7AF6489C23D4A64A76CEF765DC88E3A89715B8E76
                                                                                                                                                                                                                                                                          SHA-512:63BC294903FD225D2CC594059C1005700C3C96CFF32F5B07B8A806C95412EFCF2B304493E0B6FF9C77B4B53A4B39F00717F8C9109787EA049132BEA629BED96A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.16195d1a.chunk.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 21464, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):21464
                                                                                                                                                                                                                                                                          Entropy (8bit):7.991635778215233
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:384:kNMw20ZcZdIR049weTGXkBXju/W4irYjhPC09oOtbMDa9HVZycTvwxNTGup:UaxmXXSdiQPCjMvyugNiup
                                                                                                                                                                                                                                                                          MD5:923A543CC619EA568F91B723D9FB1EF0
                                                                                                                                                                                                                                                                          SHA1:6F4ADE25559645C741D7327C6E16521E43D7E1F9
                                                                                                                                                                                                                                                                          SHA-256:BF7344209EDB1BE5A2886C425CF6334A102D76CBEA1471FD50171E2EE92877CD
                                                                                                                                                                                                                                                                          SHA-512:A4153751761CD67465374828B0514D7773B8C4ED37779D1ECFD4F19BE4FAA171585C8EE0B4DB59B556399D5D2B9809BA87E04D4715E9D090E1F488D02219D555
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5109)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5277
                                                                                                                                                                                                                                                                          Entropy (8bit):5.536881459641171
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mZqGQfdQGKy1zTTyhyF5wfDVn9z1R4H800Fx4crbnrbqFYs9FN9akjIW:mZqGQF5KMbyhyF5qVF1R4H8NFx4N1Njl
                                                                                                                                                                                                                                                                          MD5:50BD2231C1A5DD5B154607DDEF03DC15
                                                                                                                                                                                                                                                                          SHA1:E90E43687D97D634B13CD4C97FD292E0DD5998E8
                                                                                                                                                                                                                                                                          SHA-256:1155A5967E09D66D7387E07468B0C3BF108711D0B24E6F83E41095D448603FF7
                                                                                                                                                                                                                                                                          SHA-512:FD044ADB1000831651DBBDDEA896F64CE0C92212DC0DF0ACAE1B36D8DE3BD7A11F69D5D04E062D9F11E00759628812A8A1D067989BF60467A9D3AAA67BAD25D7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AppModules~loader.LoggedOutNotifications.92fb655a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17910)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):19097
                                                                                                                                                                                                                                                                          Entropy (8bit):5.306637584852488
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:Nn4lOFpTJbELv8dlM9Z6bwn3KbXqQ7KD9irk3XcRehW:28Fev8HM9AbqKbXqQ7KMA2ehW
                                                                                                                                                                                                                                                                          MD5:B46BB1E331A68A566ED5E9CFEAECF5D4
                                                                                                                                                                                                                                                                          SHA1:4356F6BC4927C8D24F09C000DB039BDA426980D2
                                                                                                                                                                                                                                                                          SHA-256:B3A8D966D249BEDA7F50AC3C2BFBB549109D5AEE49C948AABA10CFFADE528715
                                                                                                                                                                                                                                                                          SHA-512:11669C54AB95A72461EF1091CD7EF1FD9CF4F575DA92D134B48DA9D1323B26CFBA8E37CCD7245EC761E02D977817395DE1E73D2454F45A29F94F500FB1A5D969
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (14238)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):14598
                                                                                                                                                                                                                                                                          Entropy (8bit):5.494514334891183
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:jyniPdiHU66xFtn2bYRXapxA+zmS4Ba9rtdT/2ttZGFtT/:3Xtn2busAuZ9rtQtqj7
                                                                                                                                                                                                                                                                          MD5:2C764A01FF3EAB64519BDBBF6EB8703C
                                                                                                                                                                                                                                                                          SHA1:FF41C579C1196043632CA9ACA555EBDF9ADD6784
                                                                                                                                                                                                                                                                          SHA-256:FEE6EC54C6B7F9966C060739987E75E5DB84EE36EA8F7904C34AA7B5E07BD636
                                                                                                                                                                                                                                                                          SHA-512:ECFF1041582C03F5CFA809B5094C292FB9080F6AB5DF7D634CDCE7E8AEC4D178DE5D62BAAE13E3AC8F5B58F8BE2492C883DCD92E2EFD95D5D6E49BADB9C5698E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/12.89821af5.chunk.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (7959)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):359240
                                                                                                                                                                                                                                                                          Entropy (8bit):5.5902396955117615
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:DF9Kemhssy9sAc7S6q8+ZGxrpsU6FrdOd:DXKemh5y9oqLZY
                                                                                                                                                                                                                                                                          MD5:F05BB60541D76D1264B1B0C3BEC606F6
                                                                                                                                                                                                                                                                          SHA1:A0F403B21B2213DBDAB434A2A3FCBEF4183C99EB
                                                                                                                                                                                                                                                                          SHA-256:32B8BF16D0C32CACBE5C572D9AF9121C8B0BCA625B6AEEE4114020EE604CB5B9
                                                                                                                                                                                                                                                                          SHA-512:5CF59DD58C046624371CB10FAFF18F793FF65674312179399357909BE9808A53D19DDAC33C03E0AE180930A8575A71C278F651C46CCDF4FB980A2AFB6AADED9F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3i0uZ4/y7/l/en_US/N4KpaQ2g0WD.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3004)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):219321
                                                                                                                                                                                                                                                                          Entropy (8bit):5.458247392227865
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:JIU1gpo2CUIa6/TlMDOtxjuj6WXVB4iP1oFQ6q:JIUipCU7gTG1Bh1uI
                                                                                                                                                                                                                                                                          MD5:261B256DE1204CF5A8A2D571B6B4D207
                                                                                                                                                                                                                                                                          SHA1:BCB7195CC7B6D82131CD36F95E22502D01AFDD35
                                                                                                                                                                                                                                                                          SHA-256:E926CF82A6C5FF3294E6B7E98CDBAC0392EC5BCFF78425BB68AD8A192C46BEC0
                                                                                                                                                                                                                                                                          SHA-512:AF106733C6F9DF344819B9756695E89836477133A30EB27953D770D586892F6C93958A9D0CC6FD423DA2C38097E0226D6D317F1AE6034268ED3606E3433BD789
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/am=P8BCUo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHG7LP0tMTFgM3w4KqVKFHzS-aFPg/m=_b,_tp"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65407)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):347645
                                                                                                                                                                                                                                                                          Entropy (8bit):5.26964934902823
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:go7vmwdkCE5TxEzz9xGSGsOtgucprDrKb3Aazby+xsqKTSE2T7JLUQBTGTId/NHI:xE5x6vmQ0WxeE2JUcTGTXJpuBQgNu
                                                                                                                                                                                                                                                                          MD5:AADF0137858ABF3EC5C3EAC574A31344
                                                                                                                                                                                                                                                                          SHA1:46BF966DB4D481A002363994AEA685F8E40F52FE
                                                                                                                                                                                                                                                                          SHA-256:D5616AF6EB34E0D8EDE9BE6CCD6078CF3FDD188F80A4A08B790FDA89CB40A578
                                                                                                                                                                                                                                                                          SHA-512:ED0B832D4122B00FA14D220A94903EB5B09A598E566A69CD3FEA74401D09F223B3811A8E35B87FE0CD2B37DFC19480BBFE92E71B2D188997646EFFD1D29A443F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/mi/paypal/latmconf.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4313)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):4536
                                                                                                                                                                                                                                                                          Entropy (8bit):5.322930549521214
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:iIRKEejNZb93zBMAt4GbV1KjRQ3w9pK8BRQ4j5lLX61z68/e0VqhDtmt+cOJD/l4:lKR/bhzB51CrngeHUWf2Mt85n1+99qhl
                                                                                                                                                                                                                                                                          MD5:4473C2F8ADA6FB12C2E6E06D1881E5D7
                                                                                                                                                                                                                                                                          SHA1:D42FD847B689F364404960BF3EF557A879E3ACC9
                                                                                                                                                                                                                                                                          SHA-256:078A068C4928099EF9572505DF56AE391AD02BB6402C9254F76E13CCEC87453C
                                                                                                                                                                                                                                                                          SHA-512:631DFBAC1D6E0113F581B96B819A4452A3032EA0EEEAB269FEABB9B7C6CC0409D537B018F6E2B95F7D2B645691E07730177B2B6DE89AE0A1E1A5D25E263182C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.SideNav~bundle.AccountAnalytics~bundle.Communities~ondemand.SettingsInternals~ondemand.Settings.8817944a.js
                                                                                                                                                                                                                                                                          Preview:"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["shared~loader.SideNav~bundle.AccountAnalytics~bundle.Communities~ondemand.SettingsInternals~ondemand.Settings"],{892051:(e,r,n)=>{n.d(r,{i:()=>y.ZP,k:()=>m});n(906886);var t=n(202784),o=n(928123),u=n.n(o),a=n(72845),c=n.n(a),l=n(57074),i=n.n(l),s=n(801206),f=n(463174),d=n(923335),y=n(823803);const h=({render:e})=>e({fetchStatus:y.ZP.LOADING,data:null,error:null,retry:s.Z});class v extends t.Component{constructor(...e){super(...e),this.state={error:null}}static getDerivedStateFromError(e){return{error:e}}componentDidCatch(e,r){if(!(e instanceof f.Z))throw e;this.props.errorHandler(e)}render(){return this.props.children(this.state.error,this.props.retry)}}const p=({query:e,queryRef:r,render:n})=>{const t=u()(e,r);return n({fetchStatus:y.ZP.LOADED,data:t,error:null,retry:s.Z})},m=(e,r)=>({fetchPolicy:n="store-or-network",render:o,variables:u})=>{const[a,l]=c()(e),s=(0,d.useCreateLo
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4404)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):34555
                                                                                                                                                                                                                                                                          Entropy (8bit):5.313353993717054
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:u4qIoGAZsI8IAa/shzO0JAeUfFveG/dioyMhOHkig:u4qIorsILA+WfieUt/dioycl9
                                                                                                                                                                                                                                                                          MD5:0A43121404A1613BAEC608CCDE356E04
                                                                                                                                                                                                                                                                          SHA1:CA97D2EFAAEF9C91BC682849FFA81D41005C0538
                                                                                                                                                                                                                                                                          SHA-256:CC1FEE4163CD5E3B140E0DCCC5635031E527BE493B4210B231BE13F3F711BBBF
                                                                                                                                                                                                                                                                          SHA-512:D9270ABE5F4C0C4130BAF6F35A5566E440B35602D7C86F2E01F13984A0327FE81DEF3B5C0704353FFEBC0B420B91872982755EA78A94EFB9A1238BEC6B744FF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yw/l/0,cross/mlpqAQi06fk.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                                                                                          Preview:._4-do{text-align:center}._4-dp{font-size:24px;line-height:28px;margin:40px 0 20px}._4-dq{font-size:16px;line-height:28px;margin:20px 0}._4-dr{font-size:12px;line-height:20px}.._51u6{margin-bottom:-4px}._41uf,._41ug{display:inline-block;padding-right:14px;position:relative}._41uf .img{margin-left:1px;position:absolute;vertical-align:middle}._41ug .img{position:absolute;top:1px;vertical-align:middle}.#facebook ._-kb.mac{font-family:Helvetica Neue, Helvetica, Arial, sans-serif;-webkit-font-smoothing:subpixel-antialiased}#facebook ._-kb.sf{font-family:system-ui, -apple-system, BlinkMacSystemFont, '.SFNSText-Regular', sans-serif}@font-face{font-family:'Segoe UI Historic';src:local('Arial');unicode-range:U+530-5f4, U+10a0-10ff}@font-face{font-family:'Segoe UI Historic';font-weight:700;src:local('Arial Bold'), local('Arial');unicode-range:U+530-5f4, U+10a0-10ff}#facebook ._-kb.segoe{font-family:Segoe UI Historic, Segoe UI, Helvetica, Arial, sans-serif}#facebook ._-kb.roboto{font-family:Robot
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):10863
                                                                                                                                                                                                                                                                          Entropy (8bit):7.893336023408476
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:5ARjfa23tAJsqmbZEyI3ImwTHVeVUzp7C+22Z6XikPFffq0BV0FIZLKePlOoYWn4:5AfaItAJsfElI3jVwUzpC+JqNfC0wFIM
                                                                                                                                                                                                                                                                          MD5:A4E79C73EE13CB25B60FC4B0BA1F690C
                                                                                                                                                                                                                                                                          SHA1:B690C31B2EB1B0EB085E91AAAE7E79F03DEBE7C1
                                                                                                                                                                                                                                                                          SHA-256:6CB869DF089146C12EFB5E9C968E911C314842624BA6F052A11346AC734CADC8
                                                                                                                                                                                                                                                                          SHA-512:AAD423119F410A655F0AA475D2FE692087D7262C3986CE71347981C5B60F6A10031D7050BF9B9AEE4E7D84D814F0B8883C964028FCBE14ED3464602F3BA6CEC3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1299)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):114724
                                                                                                                                                                                                                                                                          Entropy (8bit):5.551213200680841
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:wbxHQPJKnX30dnatNADF+Lz+T3J+E1KLd2rDr1I:wdQP0X30dnatNADF+Lz+T3J+eKU3r1I
                                                                                                                                                                                                                                                                          MD5:5A4453E9E3E19DE3FBABC55106F72397
                                                                                                                                                                                                                                                                          SHA1:7DCACF570ADA05AD90A3C19A59ED5443121DA6E6
                                                                                                                                                                                                                                                                          SHA-256:2E0DB94DBC625420B47C18DBE0CCD34D4A9AA08D15023E51F938AEDC753B0E2B
                                                                                                                                                                                                                                                                          SHA-512:ABCC8E5C5D4B5988F0AC5B47AAD04A137E26A315F6E5CE577A2227B350ABDB62AAC14A447F0DBD6EFB6DF43C9573DCDCAF1DD862AABA6667F612B3448E305B9B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bSspM,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,lsjVmc,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,qmdT9,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                                                                                                                                                                                                                                          Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.k("ltDFwf");.var Krb=_.w("ltDFwf");var jV=function(a){_.J.call(this,a.Ha);var b=this.oa();this.pb=this.Qa("P1ekSe");this.mb=this.Qa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.yb("B6Vhqe");this.Ma=b.yb("juhVM");this.ta=b.yb("D6TUi");this.aa=b.yb("qdulke");this.La=0!==this.da;this.Ka=1!==this.ja;this.Fa=[];this.ea=_.It(this).Yb(function(){this.Fa.length&&(this.Fa.forEach(this.o8,this),this.Fa=[]);this.La&&(this.La=!1,_.as(this.pb,"transform","scaleX("+this.da+")"));this.Ka&&.(this.Ka=!1,_.as(this.mb,"transform","scaleX("+this.ja+")"));_.As(b,"B6Vhqe",this.Ca);_.As(b,"D6TUi",this.ta);_.As(b,"juhVM",this.Ma);_.As(b,"qdulke",this.aa)}).build();this.ea();_.Uh&&_.It(this).Yb(function(){b.ob("ieri7c")}).ze().build()();_.mA(this.oa().el(),this.Sa.bind(this))};_.z(jV,_.J);jV.Ba=_.J.Ba;.jV.prototype.Sa=function(a,b){Lrb(
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (32086), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):95790
                                                                                                                                                                                                                                                                          Entropy (8bit):5.394132126458497
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:EPEkjP+iADIOr/NEe876nmBu3HvF38sEeL8FoqqhJ7SerN5wVI+xcBpPv7E+nzmN:bNMzqhJvN32cBd7M6Whca98Hr4
                                                                                                                                                                                                                                                                          MD5:4DC834D16A0D219D5C2B8A5B814569E4
                                                                                                                                                                                                                                                                          SHA1:4FBE0563917D6F6289E4E1B4A0A8758E4E43BDA9
                                                                                                                                                                                                                                                                          SHA-256:91222F96F34735EBC88DF208017E54D4329B9202E3E52367FB8B149698A1A5EF
                                                                                                                                                                                                                                                                          SHA-512:6FBEC4785A21520FA623D1A151C6C8B64BAA1321AC6918A127BCFC22E49EC2E3BCD161AF9C237BD5C70BC4046EB12CF434563F86CBDC9876EB67FB2DEA87034B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
                                                                                                                                                                                                                                                                          Preview:/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){re
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3364), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):47838
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2331934893389604
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:ndpqmC0Ib7cYHZ4VWwCW3KI8ivfJkPVoEAd2Z4VWwCW3KI8i7h2pgp7X+JnMbV4i:nd8mC0Ib7cYHZ4VWwCW3KI8ivRkPVoEm
                                                                                                                                                                                                                                                                          MD5:611A23DD617435219E1D7E2A3B92A7C4
                                                                                                                                                                                                                                                                          SHA1:5D9C16FBF91B4DBE62914C37547DC531729B30B8
                                                                                                                                                                                                                                                                          SHA-256:E09889BCD3844BEAF34E093A27776AFBF6275F935874B0495D01F4DAF4C3A1EB
                                                                                                                                                                                                                                                                          SHA-512:1154F4F4C1110EF923EC0E196E4657120303E18AFC2732E2482C54B6E4BC2D3CE7653FCF127EE5246BFCC647A9C8871C87B4B3DD4FB07A06C2FB51F8C8BE07C3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://steamcommunity.com/openid/loginform
                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Sign In</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=MwDZsk1RA0yo&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=GtBXfuM7ql2k&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65369), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):69784
                                                                                                                                                                                                                                                                          Entropy (8bit):5.591016177797964
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:9/IuGakvRWa08+7WpNoiYJxUENxFnkCZU8BlNekZDaGhMWX+qFmLKYVCgtGutIAU:9hZReodA7d/23UbkYyJ1T92K
                                                                                                                                                                                                                                                                          MD5:365359A7C68571ABF7B26F6A3BD20C54
                                                                                                                                                                                                                                                                          SHA1:E509D929C88ABD80EB35C54590F35EE87FBF7E53
                                                                                                                                                                                                                                                                          SHA-256:723D6488F4D642A70792C51D5D8069A3EF82A3AD48F223B8E1F2FFBC90FF4733
                                                                                                                                                                                                                                                                          SHA-512:CCE7CC6EF5AFAA99111E72FCE45F455FF3405CA06AE530454C14B41C506295EF662771F9178DC53EAE0305373BD39C9FD5C6FF0B7053CF4AB14211C9622C80C9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/chunk~9216830f7.js?contenthash=e4097c6fcb3215c60133
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/..(self.webpackChunkstore=self.webpackChunkstore||[]).push([[1430],{68628:e=>{e.exports={Login:"newlogindialog_Login_ZOBYq",SideBySide:"newlogindialog_SideBySide_1Wl13",QRSection:"newlogindialog_QRSection_2ZDyS",MessagingContainer:"newlogindialog_MessagingContainer_3ph6w",MessagingTag:"newlogindialog_MessagingTag_3jy5R",MessagingSubtitleCtn:"newlogindialog_MessagingSubtitleCtn_3dSxv",MessagingIcon:"newlogindialog_MessagingIcon_2H3fB",MessagingSubtitle:"newlogindialog_MessagingSubtitle_toeax",MessagingButton:"newlogindialog_MessagingButton_-jjqv",MessagingLink:"newlogindialog_MessagingLink_1ozce",ScanQRButton:"newlogindialog_ScanQRButton_IsYb2",QRIcon:"newlogindialog_QRIcon_2zKSq",QRCodeContainer:"newlogindialog_QRCodeContainer_3YjUm",QR:"newlogindialog_QR_1d6FZ",QRHideLink:"newlogindialog_QRHideLink_1mk4A",HideButton:"newlogi
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (330)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):31784
                                                                                                                                                                                                                                                                          Entropy (8bit):5.42465444354701
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:rw6peNonqZ+tOD/CVzJWFStqf9JAtEPmNF5w/WTad0XAK1FIAhUrYiOjHhff9V/7:0OjBff9VDUu3YTWzTr5
                                                                                                                                                                                                                                                                          MD5:B611E18295605405DADA0A9765643000
                                                                                                                                                                                                                                                                          SHA1:3CAA9F90A2BF60E65D5F2C1C9AA9D72A6AA8F0A3
                                                                                                                                                                                                                                                                          SHA-256:1A704D36B4AA6AF58855BA2A315091769B76F25DCE132AAE968952FB474AB336
                                                                                                                                                                                                                                                                          SHA-512:15089CF5F1564DDBCFF9A71E6BA32ABF754126C9AD9944F2160445CF293445768BD251C52FD290380028940DFDB27D67D3B31F493434598721DA6A700ACD0873
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/authchallenge.js
                                                                                                                                                                                                                                                                          Preview:'use strict';.var autosubmit = false,..recaptchaCallback,..recaptchaEnterpriseCallback;.var ADS_FPTI = (function(){...var adsPluginDiv = document.getElementById('captcha-standalone'),...csrf = adsPluginDiv.getAttribute('data-csrf'),...sessionId = adsPluginDiv.getAttribute('data-sessionid');...var isFPTIEnabled = typeof PAYPAL !== 'undefined' && typeof PAYPAL.analytics !== 'undefined' &&...typeof PAYPAL.analytics.instance !== 'undefined' && typeof fpti !== 'undefined';...if (isFPTIEnabled){...PAYPAL.analytics.startClientErrorTracking();...PAYPAL.analytics.startCPLTracking();..}...var postData = function (data){....var xmlHttpReq = new XMLHttpRequest();...xmlHttpReq.open('POST', '/auth/logclientdata');...xmlHttpReq.setRequestHeader("Content-Type", "application/json;charset=UTF-8");...xmlHttpReq.timeout = 15000; // 15sec....var dataToSend = {....fpti : data,...._csrf : csrf,...._sessionID : sessionId...};....xmlHttpReq.send(JSON.stringify(dataToSend));..};...var customADSFPTITracking = fu
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15552
                                                                                                                                                                                                                                                                          Entropy (8bit):7.983966851275127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
                                                                                                                                                                                                                                                                          MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                                                                                                                                                                                                                                                          SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                                                                                                                                                                                                                                                          SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                                                                                                                                                                                                                                                          SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (9521), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):103379
                                                                                                                                                                                                                                                                          Entropy (8bit):5.378982765619868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:a9QF0iWEyom5vsr7yfsgwFV1Dl/1DlZVLoWAW3XJ0zMzkSTgjN+1emFrO5dXg71v:aWyU/Dr1opFFBnD4
                                                                                                                                                                                                                                                                          MD5:9AA4343AF81A6D7B2BC5ADB6705F6ED8
                                                                                                                                                                                                                                                                          SHA1:F8C48F85818722BD65FAA412BD22CC5B80CB20FB
                                                                                                                                                                                                                                                                          SHA-256:7BE64656777BA89FFC59BF9898F732AD41AB908FAD3C06CA3005E4776838A05C
                                                                                                                                                                                                                                                                          SHA-512:AEDFD95741C01BB277E18709F3B6DEB2109C6303051A85BE53645A92CF39696A6CB4B1D2123579A648D62F5716EDF1ACB537BEA2CE60CCAA42B1FE3D2CCAAE65
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/global.js?v=mqQ0OvgabXsr&l=english
                                                                                                                                                                                                                                                                          Preview:......function RegisterSteamOnWebPanelShownHandler( f )..{...$J(document).on( 'visibilitychange', function() {....if ( document.visibilityState === "visible" ).....f();...});..}....function RegisterSteamOnWebPanelHiddenHandler( f )..{...$J(document).on( 'visibilitychange', function() {....if ( document.visibilityState === "hidden" ).....f();...});..}............function RefreshNotificationArea()..{...// the new way - updates both the old envelope and responsive menu...UpdateNotificationCounts();..}....function vIE()..{...return (navigator.appName=='Microsoft Internet Explorer') ? parseFloat( ( new RegExp( "MSIE ([0-9]{1,}[.0-9]{0,})" ) ).exec( navigator.userAgent )[1] ) : -1;..}....function checkAbuseSub( elForm )..{...if ( !$J(elForm).find('input[name=abuseType]:checked').length )...{....alert( 'Please select a reason for reporting abuse' );....return false;...}.....CModal.DismissActiveModal();.....var params = $J(elForm).serializeArray();...params.push( {name: 'json', value: 1} );...
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4707)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1051082
                                                                                                                                                                                                                                                                          Entropy (8bit):5.567169212362513
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:MolZt1bzC5YR5SncnXhCxubZQeK1RiZI9Ox818zYHGhWYxfTZSRerDWl9MPZZDQ9:MctxzCzncnXhuu12iZJSIrYONCnv
                                                                                                                                                                                                                                                                          MD5:89446665A4B16348BB5CE0BD8858B020
                                                                                                                                                                                                                                                                          SHA1:B4B3B8B3605358AAAF5626B7D741B5AF4DB45C99
                                                                                                                                                                                                                                                                          SHA-256:4B6D562F5A3E65E1CF908EACE05940EC4C09B4FE98BF517A91013290095BFD51
                                                                                                                                                                                                                                                                          SHA-512:C3628F72D29402C746C15D11C7E2B268BEAA978A5024F41376BEAF4313978A86C3B23E47F041DF14A5B343A834B4D715C944FB97C52A26C526301B5B73579098
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3iI9e4/y2/l/en_US/U98rs1naSBQ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Preview:;/*FB_PKG_DELIM*/..__d("usePolarisCentralizedUpsellStateQuery.graphql",[],(function(a,b,c,d,e,f){"use strict";a=function(){var a=[{alias:null,args:null,concreteType:"XDTViewer",kind:"LinkedField",name:"xdt_viewer",plural:!1,selections:[{kind:"ClientExtension",selections:[{alias:null,args:null,concreteType:"PolarisCentralizedUpsell",kind:"LinkedField",name:"logged_out_upsell",plural:!1,selections:[{alias:null,args:null,kind:"ScalarField",name:"last_viewed_owner",storageKey:null}],storageKey:null}]}],storageKey:null}];return{fragment:{argumentDefinitions:[],kind:"Fragment",metadata:null,name:"usePolarisCentralizedUpsellStateQuery",selections:a,type:"Query",abstractKey:null},kind:"Request",operation:{argumentDefinitions:[],kind:"Operation",name:"usePolarisCentralizedUpsellStateQuery",selections:a},params:{cacheID:"e4db046ba80e3bb92ce7146811f40f6c",id:null,metadata:{},name:"usePolarisCentralizedUpsellStateQuery",operationKind:"query",text:null}}}();e.exports=a}),null);.__d("CometAccessibil
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (680), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):845
                                                                                                                                                                                                                                                                          Entropy (8bit):5.518198766606129
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:+Tuj0z//Td14fRtBy76j8/iOL1iPRr6YymUL+6p/:+Tuj0//TdmByWj8//qNS5/
                                                                                                                                                                                                                                                                          MD5:BA269FE6C1FE6092B5EDFEC5A23F3770
                                                                                                                                                                                                                                                                          SHA1:56CACFF50B371F9EDC9D08D3150C2F4E42B693DE
                                                                                                                                                                                                                                                                          SHA-256:648C1F8564FE02601A41177F0D5B2299736F16A98E240644174F52446F895B6B
                                                                                                                                                                                                                                                                          SHA-512:8646DCDD41E9B19C2ADACEE365CFA3A071DB187E2DB09D4218D97358C1C4F3CEB8386EBEB7F03F3D93DF56BDCB9D74370B01D757FDFA6E75F4C43ED056DE1025
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/login.js?contenthash=f2d3dd540adcf499223d
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/..(self.webpackChunkcommunity=self.webpackChunkcommunity||[]).push([[4535],{79707:e=>{e.exports={LoginContainer:"login_LoginContainer_2vAS_"}},32431:(e,n,t)=>{"use strict";t.r(n),t.d(n,{default:()=>l});var r=t(47427),o=t(99327),a=t(77581),i=t(37563),s=t(35791),c=t(79707);function l(e){const{redirectUrl:n=i.De.COMMUNITY_BASE_URL}=e,[t]=(0,r.useState)(new a.J(i.De.WEBAPI_BASE_URL).GetAnonymousServiceTransport()),[l,u]=(0,r.useState)(!1);return r.createElement("div",{className:c.LoginContainer},l?r.createElement(o.pT,null):r.createElement(o.wK,{autoFocus:!0,transport:t,platform:2,onComplete:e=>{e==s.TG.k_PrimaryDomainFail?u(!0):window.location.assign(n)},redirectUrl:n}))}}}]);
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1680)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2541
                                                                                                                                                                                                                                                                          Entropy (8bit):5.233308769647653
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:svCFcCPrwbrJ3mjvJllHWMQ9vz0WlsrxYa6bWM6Rc9nr/jAdal7s:ssxaWkvzj4YUpmAal7s
                                                                                                                                                                                                                                                                          MD5:D637E650892304875D8B6EC268AD9C20
                                                                                                                                                                                                                                                                          SHA1:CFB26F0BE8B2FAC114B39BB26789666EF877203A
                                                                                                                                                                                                                                                                          SHA-256:EA680C36B1E632FC0A96CD21231F1D9E17DB700B8B68729328C5B8972E2D3622
                                                                                                                                                                                                                                                                          SHA-512:FDE4C3538B4E9F72EC0335902FD7B64B94C3094B2D48ED47A09488CB4EC3CC7C3E63B2C34EBBF8C598FF6B5B6CCD602DB177944869ACDAAF117C0DE6B8133428
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
                                                                                                                                                                                                                                                                          Preview:./*@preserve.***Version 1.64.1***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-hosted-1.64.1"]=window["WAFQualtricsWebpackJsonP-hosted-1.64.1"]||[]).push([[4],{63:function(e,n,t){"use strict";t.r(n);var i=function(){return function(e,n){this.payload=n,this.type=e}}();t.d(n,"addP
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):89771
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3082829776469165
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:imsvf3ZcGj0CqB26gdz5a70sfFo1KnVn6z4EBYfhlOPBr90Q6ssOZrQSysmHN4jU:K046g+Dn6z4EBFlWN4A
                                                                                                                                                                                                                                                                          MD5:B2E1D832E9A40D7469ACE7B710E138CD
                                                                                                                                                                                                                                                                          SHA1:BA52B1B42F4B6139EB571DA7795FC3501A748DA8
                                                                                                                                                                                                                                                                          SHA-256:68BD0A72EABB055E969805AFF7360CFDD81FBAA2F0A10D3C9C18608D1179AD79
                                                                                                                                                                                                                                                                          SHA-512:4D3A923403EDFD9AF724C1112BDBEE60579ED8E42735A24F9ABF3E3045335164EF8E0479A9405236924F2F60429613177DDEBD83F12A3CA0EC7FDCBC33AB44C7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/dynamicstore.js?v=suHYMumkDXRp&l=english
                                                                                                                                                                                                                                                                          Preview:..function GetElemSNR( $Elem )..{...var snr = $Elem.data( 'snr' );...if ( typeof snr != 'undefined' )...{....return snr;...}.....// look for links with snr parameter...var links = $Elem.is( 'a' ) ? $Elem : $Elem.find( 'a' );...snr = null;...for ( var i = 0; i < links.length; ++i )...{....var link = links[i];....var navinfo = link.href.match( /[\?&]snr=([a-zA-Z0-9\-\_ ]+)/ );....if ( navinfo )....{.....snr = navinfo[1];.....break;....}...}.....$Elem.data( 'snr', snr );...return snr;..}....// given an array of impressions as strings, this will handle joining them all together into a singular string, but enforcing that it doesn't..// go above the cookie size limit which can otherwise cause users to become stuck since the page requests will start failing..function JoinImpressionsUpToLimit( rgImpressions )..{...//cookies generally can go up to 4k bytes, but we can have problems when we start getting that close, so cut it off earlier...var nRemainingLen = 3200;...var result = '';...for ( var
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1973)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):16774
                                                                                                                                                                                                                                                                          Entropy (8bit):5.435544490962404
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZlS0UrGjeqsTKF/VWO7L0J2AHNxMKnYNOr28F/1S94amg4qr9jXmT2fItXNu:4qtEUAHNxZ0OrrFN0S8
                                                                                                                                                                                                                                                                          MD5:AD6AA3451E397522B056E0B8EFB6CC27
                                                                                                                                                                                                                                                                          SHA1:2B491439BDDFD73418CDE3EF59B309259C58928E
                                                                                                                                                                                                                                                                          SHA-256:B6ECC4ABDE3468769FF07BC6F76F694F1E738AEF7EF71572BF2D20F5B9D69EB4
                                                                                                                                                                                                                                                                          SHA-512:6C113602E65E3AB2615E9C5BA744F03D57ECA5E2B164DC62D2057B7A6B72EC85796AB26736F5FC14D9CD61DBD15FFD911F6CC38988E0934341327ED8F33BCF6F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/network.vflset/network.js
                                                                                                                                                                                                                                                                          Preview:(function(){function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof n&&n];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var p=ba(this);function r(a,b){if(b)a:{var c=p;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&l(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,h){this.g=f;l(this,"description",{configurable:!0,writable:!0,value:h})}if(a)return a;c.prototype.toS
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):16087
                                                                                                                                                                                                                                                                          Entropy (8bit):4.969826359236833
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:x32Mu4vUDjHbnZsXGWIS75sTY8M7ebb6qgrrY20jhN3MScuhJ05zb5jzCF+MlF+8:x32L4kzt3gtGb5LQqha31iUTSiq5N
                                                                                                                                                                                                                                                                          MD5:72938851E7C2EF7B63299EBA0C6752CB
                                                                                                                                                                                                                                                                          SHA1:B75196BD3A6F9F4DFC1BBF5E43E96874BCD9CE4E
                                                                                                                                                                                                                                                                          SHA-256:E2D4E0E1D3E162FDC815F16DFFF9AE9B0A967949F0F3AE371F947D730A3F0661
                                                                                                                                                                                                                                                                          SHA-512:2BB6C03A1335EF9514D0D172A4284D82A29D1783A72306BDCB8AF3185D5CD2FF16303355AA4B05086D2FA0B5B7C7159CFA67DE4A6175095FF0E68ADEC2A56AC1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
                                                                                                                                                                                                                                                                          Preview:/* Requires jQuery.. *.. * This plugin will create div.jsTooltip elements (or configure your own!) in body for every tooltip on the page. Some.. * basic CSS is applied automagically, but you'll want to style it on your own from there. This code will be applied to.. * every element in your .v_tooltip() selector, so giving it a common selector like '.tooltip' is ideal... *.. * Options:.. * - location: Where the tooltip should spawn in relation to it's parent.. * - offsetN: How many pixels to add.. * - trackMouse: Should we track the mouse cursor instead of the parent?.. * - suppressOnClick: Should we hide if a user clicks the target?.. * - suppressWhileToggled: Should we ignore events if the target has the 'toggled' class?.. * - tooltipClass: css class to apply to tooltip elements.. * - fadeSpeed:.Time (in milliseconds) to spend fading in/out. Set to 0 to disable... * - allowHover: Should we keep the tooltip open if we mouse directly on to the tooltip? (Your tooltip will need to spawn in
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (28410)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):29271
                                                                                                                                                                                                                                                                          Entropy (8bit):5.203559783274845
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:cCcTKABAYAcydIAaQmtEu4A8Ay8DiAhAsmtEPRvXf8a97ShsvgrfSa9wtvfVap6Z:GTKABAYAcydIArALiAhAs1pvEsvvaqtN
                                                                                                                                                                                                                                                                          MD5:C6F2E7F0C414E5A9EB5750D2C1848DEA
                                                                                                                                                                                                                                                                          SHA1:FFCE7CAC8D07AE92EEAF641D8808D7E4AE4C07AF
                                                                                                                                                                                                                                                                          SHA-256:E7D287B90B3A071AED8C9860F22CFF01BCB34FCFC45BD90319BAC450226D1E6D
                                                                                                                                                                                                                                                                          SHA-512:82C85ACEACD31EFBC0D7C4DBB1A4426E79C122D9F20770C26B552A58268895123110B5584C8900B8E550A4259619F37E290C46AD66A58289D1B025E6DFA71FB9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
                                                                                                                                                                                                                                                                          Preview:./*@preserve.***Version 1.64.1***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-hosted-1.64.1"]=window["WAFQualtricsWebpackJsonP-hosted-1.64.1"]||[]).push([[1],{23:function(e,t,i){"use strict";i.d(t,"a",function(){return o});var n=function(e,t,i,n){return new(i||(i=Promise))(func
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (405)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1600
                                                                                                                                                                                                                                                                          Entropy (8bit):5.232577190477029
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:o7bIjh563SVeDRxiyNvYezjzs3lDC7PBrw:oy1MxvqeAU7lw
                                                                                                                                                                                                                                                                          MD5:9893B7BF270B6040B21043437BE2F99A
                                                                                                                                                                                                                                                                          SHA1:FC78C7464AC25475BC1A6E0B88B8AABD781B4D28
                                                                                                                                                                                                                                                                          SHA-256:C0857956EA6D45C6C6CEE3A976C5FABBD2960E2CF30F1692C974C43E56A49FF3
                                                                                                                                                                                                                                                                          SHA-512:38198C8F65A585FF67EB9CD1BC843EF3A24D5EA80B1F8CB2B00FE9A3891667B142B2F6A85529BB7441CCF86D256A83A835AAC1F6CD5F6A9378B2B71DB0F2F71A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):24657
                                                                                                                                                                                                                                                                          Entropy (8bit):5.319718503552118
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:aUXvnJo2dacv5Wc4gOV+n0Xmz85JX1c/jc0NL+lMF2KDnXhOMucpqWqGil/wSwf3:aU/nq2dd4gmLWqGil/wS20m
                                                                                                                                                                                                                                                                          MD5:A52BC800AB6E9DF5A05A5153EEA29FFB
                                                                                                                                                                                                                                                                          SHA1:8661643FCBC7498DD7317D100EC62D1C1C6886FF
                                                                                                                                                                                                                                                                          SHA-256:57CFAF9B92C98541F769090CD0229A30013CEA7CFAFC18519CA654BFAE29E14E
                                                                                                                                                                                                                                                                          SHA-512:1BCACD0EC7C3D633D6296FFF3325802D6352805F0D2CF1EEA39237424229ECFFAD6CB2AEE4248E28B1ECA02FF0646B58240851A246BBCF0AA1083830D5D9081E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english
                                                                                                                                                                                                                                                                          Preview:"use strict";....// build our menu on init..jQuery( function($) {...var mqQueryMenuMode = window.matchMedia ? window.matchMedia("(max-width: 910px)") : {matches: false};...var mqMobileMode = window.matchMedia ? window.matchMedia("(max-width: 500px)") : {matches: false};.....var $HTML = $J('html');...window.UseTouchFriendlyMode = function() {....return $HTML.hasClass( 'responsive' ) && ( mqQueryMenuMode.matches || $HTML.hasClass('touch') );...};...window.UseSmallScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && mqQueryMenuMode.matches;...};...window.UseMobileScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && mqMobileMode.matches;...};...window.UseTabletScreenMode = function() {....return $HTML.hasClass( 'responsive' ) && $HTML.hasClass( 'tablet' );...};...window.UseNewMobileAppMode = function() {....// the new mobile app can run on screen widths wider than responsive_css_maxwidth....return $HTML.hasClass( 'responsive' ) && $HTML.hasClass( 'rn_mobil
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (11999), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):11999
                                                                                                                                                                                                                                                                          Entropy (8bit):5.120751194066745
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:QWf2m8D/D4/uHiKQZ24/ueb4/uH+ZmWuCHWunyWumF129emoaaFN7SCmyGuR8aRi:EZ1faaFNx9uzSdfK/
                                                                                                                                                                                                                                                                          MD5:4A3F40FCC27B5F1BF6E7940FC966B7E5
                                                                                                                                                                                                                                                                          SHA1:16F0DF35A749F9EC555023B0C013EC4E254D7D54
                                                                                                                                                                                                                                                                          SHA-256:C4517100B7BDAC0B186DFF20D44A6A6FD02E1A5A6DCC413D8B4B9298B0E294A5
                                                                                                                                                                                                                                                                          SHA-512:58E8D9D62783898342CFD3A6A0EFD73590357651C8A131AB900C199FB9E1BAB38B92977AB957F3085DBF818DDC5A5EEA25BFAA684478EDF5973BF482FD650C6E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/cssbin/www-main-desktop-home-page-skeleton.css
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (22065)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):22289
                                                                                                                                                                                                                                                                          Entropy (8bit):5.52377169494647
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:9oVHOD5HGHKtKlmtvedQcpqpXOmy3ErjofvD8GF4eLmKd8Skuw2GwVPYSdZDZIjm:9oVHo5HGqtKIpedQcpqpemkErjofvD8y
                                                                                                                                                                                                                                                                          MD5:64765625E7B0BB4A0A985F4FE123C4D5
                                                                                                                                                                                                                                                                          SHA1:B2B2E6959A0A759E039702B62C2001F9A6E51F3F
                                                                                                                                                                                                                                                                          SHA-256:FA5ECF6312F117CB5DAD197964AB7BDB3FE014353E04A56BC67F7C5A784DE138
                                                                                                                                                                                                                                                                          SHA-512:9B32E2D858C7221AB88FFF4C704F8E8534BF0011D8ABFC8E98967DECA64D1DDC9A34EBC76EE9144973DC1B269628D311855BDFAA7928B27752075FD6BDB04240
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~loader.DashMenu~loader.SideNav~loader.Typeahead~loader.DMDrawer~bundle.Account~bundle.6695e3ea.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2646
                                                                                                                                                                                                                                                                          Entropy (8bit):5.186625633836425
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:y3/p1p6iBbbjR3+Muik5kSR3+MuikywR3+MuiktStR3+MuikFXR3+MuikRCR3+Mm:ip1p6eUMuotMuYjMuvFMuboMu3dMuIw9
                                                                                                                                                                                                                                                                          MD5:45CDA1A73836131DD3614C2C3854CA4D
                                                                                                                                                                                                                                                                          SHA1:8C5F6023535CB883463E83170430B31EE72B5176
                                                                                                                                                                                                                                                                          SHA-256:218BEDD2A2817DFDE5F3A900B6204C7E378E1B747FF98AE89AEDFF2391E4429C
                                                                                                                                                                                                                                                                          SHA-512:EFA13E0D107CB9915BB8AB250B417880F08E255FF2D6457306FEF6A6FF0DEE0FC2F0FCA15738B71CE1AACCD3B2556B677881BEF4A6CB182D696B583F10E78559
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=Rc2hpzg2Ex3T&l=english
                                                                                                                                                                                                                                                                          Preview:/*.. Font: ..Motiva Sans.. URL: ..http://www.youworkforthem.com/product.php?sku=T2982.. Foundry: .Niramekko.. Foundry: .http://www.youworkforthem.com/designer/293/niramekko.. Copyright:.Copyright 2011 by Rodrigo Saiani. All rights reserved... Version: .1.0.. Created:.August 09, 2012.. License: .http://www.youworkforthem.com/font-license.. License: .The WebFont(s) listed in this document must follow the YouWorkForThem..... WebFont license rules. All other parties are strictly restricted..... from using the WebFonts(s) listed without a purchased license...... All details above must always remain unaltered and visible in your CSS... */....@font-face {...font-family: 'Motiva Sans';...src: url('https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015') format('truetype');...font-weight: normal;...font-style: normal;..}....@font-face {...font-family: 'Motiva Sans';...src: url('https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.01
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):44
                                                                                                                                                                                                                                                                          Entropy (8bit):4.544325652580697
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:hWikj2hkum0KthOU1:AikjDBr
                                                                                                                                                                                                                                                                          MD5:6D93FDB56B417B26D61378095110EA11
                                                                                                                                                                                                                                                                          SHA1:99C638B5D3CBB852EF664EFC7A1E8282F3997DE9
                                                                                                                                                                                                                                                                          SHA-256:D8F0F15132104CAEF0BADCF8657B9CFCC4237F59AC844DE47E297A2F48E43AD9
                                                                                                                                                                                                                                                                          SHA-512:6A735A16B22DC3152CB359D47C9E51B1117EA624B573F24B4694734F2F90CBFE7ECF5D3684DBCF9CB08FEC7873C5399AAF58C0174A5B60ED93E3D48F971ADF34
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkcDjrNWB_0jBIFDYPOwY0SBQ2S9RIrEhAJ7BhjDdoXQokSBQ38LUur?alt=proto
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBlack4.015;Plau;MotivaSa
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):120816
                                                                                                                                                                                                                                                                          Entropy (8bit):6.070220522864693
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:IrEEEEEueapd0oej1yAHjU/gXG7mGSCfj9:IDpd0oejdQ/gXgfh
                                                                                                                                                                                                                                                                          MD5:4F7C668AE0988BF759B831769BFD0335
                                                                                                                                                                                                                                                                          SHA1:280A11E29D10BB78D6A5B4A1F512BF3C05836E34
                                                                                                                                                                                                                                                                          SHA-256:32D4C8DC451E11DB315D047306FEEA0376FBDC3A77C0AB8F5A8AB154164734D1
                                                                                                                                                                                                                                                                          SHA-512:AF959FE2A7D5F186BD79A6B1D02C69F058ECD52E60EBD0EFFA7F23B665A41500732FFA50A6E468A5253BB58644251586AE38EC53E21EAB9140F1CF5FD291F6A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1480)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1529
                                                                                                                                                                                                                                                                          Entropy (8bit):4.936450378725315
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:s09/AwAjn3KB3Id09yAAAr3+B3vd09VA0EA3C3L4B3Kd09TAzAS3oB3f:s4Qkq4No14PfCWk4QaP
                                                                                                                                                                                                                                                                          MD5:0BEE3633EAADB7D06C0D380B749F2F1A
                                                                                                                                                                                                                                                                          SHA1:2443B273B40B19CDE2A97078F86B2C6AD6AB3045
                                                                                                                                                                                                                                                                          SHA-256:21C72DB1872215A0CC758CC0B652119BCE0299E6072B03DF53386B92F5081B4E
                                                                                                                                                                                                                                                                          SHA-512:92C7D568F326B7C77F9BFA46F23F4DD086338A5E382718AEE55949103EAFF046FD1D12EAE5A466250C46E4E40763A78DB03843B2AD760152E70002E99309FB39
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/css/4.5a6e1f27.chunk.css
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):565282
                                                                                                                                                                                                                                                                          Entropy (8bit):5.636894960412596
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:PsV8r2dXI4/Cy1VgVsA1dN36qdfq7sk6kBGllwf:PWI1SVgOIN/Zw4lKf
                                                                                                                                                                                                                                                                          MD5:30C62D2BD7BC7B0BDBD858138C3D2416
                                                                                                                                                                                                                                                                          SHA1:F97D0266E6A784893EC979CBE4803261ECDAA399
                                                                                                                                                                                                                                                                          SHA-256:06392DD2E4579B719042691C572E6C30EF4C5699BBEF8D92215336F11EFD866B
                                                                                                                                                                                                                                                                          SHA-512:2476497D49F6175B23E87D58ABDD746EA656706CB2DA566DBD469368AB26B9479B0D70D83EBDC755A668B6BD0B2B54CF443476C1D533B9B592B494445CC24F1B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=MMYtK9e8ewvb&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 21700, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):21700
                                                                                                                                                                                                                                                                          Entropy (8bit):7.989666631701204
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:PxbG/ZciREUTWlMwbptJm5f9/1HuLZ4r38bxSpfGL/+SHA+ilQlO3fq8O/4s:5bfiBWlRPm5fjrruYJGTiqlO3fo/p
                                                                                                                                                                                                                                                                          MD5:7D75A9EB3B38B5DD04B8A7CE4F1B87CC
                                                                                                                                                                                                                                                                          SHA1:68F598C84936C9720C5FFD6685294F5C94000DFF
                                                                                                                                                                                                                                                                          SHA-256:6C24799E77B963B00401713A1DBD9CBA3A00249B9363E2C194D01B13B8CDB3D7
                                                                                                                                                                                                                                                                          SHA-512:CF0488C34A1AF36B1BB854DEA2DECFC8394F47831B1670CAB3EED8291B61188484CC8AB0A726A524ECDD20B71D291BCCCBC2CE999FD91662ACA63D2D22ED0D9F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4009), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):38914
                                                                                                                                                                                                                                                                          Entropy (8bit):5.717248109748553
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:imOhyrYzdKV7qyaFVwoY5Xv+45KqTUIvSQNnKJb4Ud4xh5VgIynR:jYkFI4o4Ud4xA
                                                                                                                                                                                                                                                                          MD5:1AD0577EE33BAA5DA4ED9C4FE4DCAA6C
                                                                                                                                                                                                                                                                          SHA1:BB0115D4AD266D451CBE81EE42E12A7DC5BCB026
                                                                                                                                                                                                                                                                          SHA-256:182458FDA20FF7A0C296E4F82D21DB5BB07FDEB8279EB59EC09238CF65C634C2
                                                                                                                                                                                                                                                                          SHA-512:CF11F7045F43BAE9CF73EC6509EAA0E6954328097E4C2FE3FC631CF59826A8386AA90F40A90883A869A1B73A71219E2A1A7B8D1DE566A193F46D2062A77E1328
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/css/globalv2.css?v=GtBXfuM7ql2k&l=english
                                                                                                                                                                                                                                                                          Preview:..html {...height: 100%;..}....body {...background: #1b2838;.....text-align: left;.....color: #8F98A0;...font-size: 14px;.....margin:0;...padding:0;..}....body.flat_page {...position: relative;...min-height: 100%;..}....body.flat_page.black {...background: #000000;..}..body.flat_page.no_bg {...background: none;..}....body.flat_page.blue {...color: #636363;..}..../* this makes the footer appear at the bottom of the window on short pages */..body.flat_page .responsive_page_frame {...position: static;..}....body.standard_page {...min-width: 958px;..}....body, textarea {...font-family:Arial, Helvetica, Verdana, sans-serif;..}....h1, h2, h3, h4, h5, h6 {...margin: 0px;..}.....pagecontent {...padding-bottom: 128px;..}...pagecontent.in_client, .pagecontent.no_header {...background-position: center top;..}..body.flat_page.blue .pagecontent {...background: none;..}..@media screen and (max-width: 910px).{..html.responsive .pagecontent {... padding-bottom: 0;...}...}..html.responsive.touch .pa
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):118736
                                                                                                                                                                                                                                                                          Entropy (8bit):6.0569560995718
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:GAAAAAAAgsAAAYgIAAAAsAuErzzzz6mfzzVCA9zzzzzzdp/koLAGXImE98YfgNi9:kErZDE9BfgNiX9k3SDHewStfNwS0fj9
                                                                                                                                                                                                                                                                          MD5:CE6BDA6643B662A41B9FB570BDF72F83
                                                                                                                                                                                                                                                                          SHA1:87BCF1D2820B476AAEAEA91DC7F6DBEDD73C1CB8
                                                                                                                                                                                                                                                                          SHA-256:0ADF4D5EDBC82D28879FDFAAF7274BA05162FF8CBBDA816D69ED52F1DAE547F6
                                                                                                                                                                                                                                                                          SHA-512:8023DA9F9619D34D4E5F7C819A96356485F73FDDCB8ADB452F3CEEFA8C969C16CA78A8C8D02D8E7A213EB9C5BBE5C50745BA7602E0EE2FE36D2742FB3E979C86
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17682), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):17847
                                                                                                                                                                                                                                                                          Entropy (8bit):5.165299716737476
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+TH1MyvxXKapD1Ej6RQvGtHopybcvUKyq:mKyp6iD1Ej6RQvGtHopybcjH
                                                                                                                                                                                                                                                                          MD5:2995909D5EB83817A35F759B50611039
                                                                                                                                                                                                                                                                          SHA1:73E6ACD22F35703005CF57A8151CA5512FCD4D12
                                                                                                                                                                                                                                                                          SHA-256:9FD5854A8C52F0B004D3E12AB65EC0F8E7B4F0C9C609A39BC0EC1925EFDB3F1E
                                                                                                                                                                                                                                                                          SHA-512:879F1053BD689E1DEBCE4CFABFA056B61FC84139323BC1F2DD191484081A05EA6E61E9C7DB4F0A943712871E851F5C6ECED557A90F42C4DCA17E9EC40A971E6E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/chunk~b393eea1b.js?contenthash=c757033170cad72b064d
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/..(self.webpackChunkstore=self.webpackChunkstore||[]).push([[4077],{6514:e=>{e.exports={LoadingWrapper:"throbber_LoadingWrapper_3Z36h",Static:"throbber_Static_kwzRJ",none:"throbber_none_2iT5l",bottomCircle:"throbber_bottomCircle_3-sjx",noString:"throbber_noString_M4pF_",Throbber:"throbber_Throbber_7MdwT",throbber_small:"throbber_throbber_small_29-XT",throbber_medium:"throbber_throbber_medium_1yqSo",throbber_large:"throbber_throbber_large_1u2tL",throbber_center_wrapper:"throbber_throbber_center_wrapper_Yi4EM",ThrobberText:"throbber_ThrobberText_1Zlvf",blur:"throbber_blur_3ebLc",ThrobberRoundLoop:"throbber_ThrobberRoundLoop_3SEk8",roundOuterOutline:"throbber_roundOuterOutline_3M8Ar",roundOuter:"throbber_roundOuter_3H7At",roundFill:"throbber_roundFill_2FWWt",ThrobberFillLoop:"throbber_ThrobberFillLoop_1-rlb",topCircle:"throbber_
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):118736
                                                                                                                                                                                                                                                                          Entropy (8bit):6.0569560995718
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:GAAAAAAAgsAAAYgIAAAAsAuErzzzz6mfzzVCA9zzzzzzdp/koLAGXImE98YfgNi9:kErZDE9BfgNiX9k3SDHewStfNwS0fj9
                                                                                                                                                                                                                                                                          MD5:CE6BDA6643B662A41B9FB570BDF72F83
                                                                                                                                                                                                                                                                          SHA1:87BCF1D2820B476AAEAEA91DC7F6DBEDD73C1CB8
                                                                                                                                                                                                                                                                          SHA-256:0ADF4D5EDBC82D28879FDFAAF7274BA05162FF8CBBDA816D69ED52F1DAE547F6
                                                                                                                                                                                                                                                                          SHA-512:8023DA9F9619D34D4E5F7C819A96356485F73FDDCB8ADB452F3CEEFA8C969C16CA78A8C8D02D8E7A213EB9C5BBE5C50745BA7602E0EE2FE36D2742FB3E979C86
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.284183719779189
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tXMlSNDrPUbql:t8lSBjUbql
                                                                                                                                                                                                                                                                          MD5:89A022138DAA614E95AD7A3B9AE198C9
                                                                                                                                                                                                                                                                          SHA1:7D91DA531C71F444BE043BB095B3C9FE45D36BD6
                                                                                                                                                                                                                                                                          SHA-256:D1A7039F33569760901D2298295A6EDE0841EF03BF01C080B407941004DAA915
                                                                                                                                                                                                                                                                          SHA-512:D7A228A873307228BCB7C48C96016A390A54961322D9A68DE2C8142BD4D208C47C39BA24EF202AB367E86B6F6BF1B2E537840C3A295DA5EFD94DAF3880183BE0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkhAeT2F8iV5hIFDZFhlU4SBQ01hlQc?alt=proto
                                                                                                                                                                                                                                                                          Preview:ChwKDQ2RYZVOGgQIVhgCIAEKCw01hlQcGgQISxgC
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (630)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1113
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2086674482821
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:RCzZDLM7yC3yJHPyCs2gWuxQWH3bVL+s1L2QuGj4RChUsn:czFMNK5NvuxfXBxi6xhUsn
                                                                                                                                                                                                                                                                          MD5:5A416C750EF1D79327625D7DE6DA5BF9
                                                                                                                                                                                                                                                                          SHA1:46D21AF1BA53C3A16A39B0DD9559F64328F2841D
                                                                                                                                                                                                                                                                          SHA-256:21AF2EAFBD649727B169E5D52C55BC71DFEA53BEE94C08D3F6C1ED0543433330
                                                                                                                                                                                                                                                                          SHA-512:742F981E80497C9943699A9DEAB5AACE003EA412C6171515E9554DC3D603E1C06C62207CC856E1ADE63492EEC62091D0421F99370A7B148B5EFA717CC8945FB8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/RxPOZF3XHzp.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Preview:;/*FB_PKG_DELIM*/..__d("camelize",[],(function(a,b,c,d,e,f){var g=/-(.)/g;function a(a){return a.replace(g,function(a,b){return b.toUpperCase()})}f["default"]=a}),66);.__d("hyphenate",[],(function(a,b,c,d,e,f){var g=/([A-Z])/g;function a(a){return a.replace(g,"-$1").toLowerCase()}f["default"]=a}),66);.__d("getStyleProperty",["camelize","hyphenate"],(function(a,b,c,d,e,f,g){function h(a){return a==null?"":String(a)}function a(a,b){var d;if(window.getComputedStyle){d=window.getComputedStyle(a,null);if(d)return h(d.getPropertyValue(c("hyphenate")(b)))}if(document.defaultView&&document.defaultView.getComputedStyle){d=document.defaultView.getComputedStyle(a,null);if(d)return h(d.getPropertyValue(c("hyphenate")(b)));if(b==="display")return"none"}return a.currentStyle?b==="float"?h(a.currentStyle.cssFloat||a.currentStyle.styleFloat):h(a.currentStyle[c("camelize")(b)]):h(a.style&&a.style[c("camelize")(b)])}g["default"]=a}),98);.__d("WebPixelRatio",["SiteData"],(function(a,b,c,d,e,f,g){function
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2143635
                                                                                                                                                                                                                                                                          Entropy (8bit):4.923592820181291
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:N1gBsSauueScxf7OHfh/U9H5o/4Q/5mdAUJsC8icAX5GcsXuYgUcw1ku0fql9WK6:Ao/4Q/5mdUCv012
                                                                                                                                                                                                                                                                          MD5:63D7246E24E9F5F90957DCA11478AEFC
                                                                                                                                                                                                                                                                          SHA1:8E5628E46783E8B2502FCF4B26122B163BA39546
                                                                                                                                                                                                                                                                          SHA-256:0D7651C8BB4709767C3EB26EC0646A5B573430D9DEA968DE975E0D8D414C86CF
                                                                                                                                                                                                                                                                          SHA-512:F62FA27BEC19D2CD35AEEFB4E6B3B6C5223554279EA40852CD12674556551156B2249B264B7A362D26B17DC861BE7597FECA8A0406D4249B787464C4C7967A8A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.RPtrYjrQ2-8.L.B1.O/am=ABAK/d=0/rs=AGKMywGMANIIRqiopkhMN2smVtiJmkNTwA
                                                                                                                                                                                                                                                                          Preview:.lottie-component{display:block}.yt-spec-icon-shape{display:flex;align-items:center;justify-content:center;width:100%;height:100%}.yt-core-attributed-string--inline-flex-mod{display:inline-flex;height:1.4em;vertical-align:middle}.yt-core-attributed-string--inline-block-mod{display:inline-block}.yt-core-attributed-string__image-element--image-alignment-bottom{vertical-align:bottom}.yt-core-attributed-string__image-element--image-alignment-baseline{vertical-align:baseline}.yt-core-attributed-string__image-element--image-alignment-vertical-center{align-self:center}.yt-core-attributed-string__link{text-decoration:none}.yt-core-attributed-string__link--display-type{display:inline}.yt-core-attributed-string__link--call-to-action-color{color:#065fd4}.yt-core-attributed-string__link--overlay-call-to-action-color{color:#3ea6ff}.yt-core-attributed-string--link-inherit-color .yt-core-attributed-string__link--call-to-action-color{color:inherit}.yt-core-attributed-string--highlight-text-decorator .
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (826)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):8035
                                                                                                                                                                                                                                                                          Entropy (8bit):5.300204980570846
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:yPaBoQ4kTLC9Knp8GiiFC2hD6tLGkrPYhzK:yqLHC9Knp8GbC2hOtLGCPyK
                                                                                                                                                                                                                                                                          MD5:D16ECF77068D5E88B61422A1516459D8
                                                                                                                                                                                                                                                                          SHA1:C0B52A386A611E349B1AF59773768CCBE8D7F095
                                                                                                                                                                                                                                                                          SHA-256:CEA9A8CCE7EBBD78FC18DE0183D1F55CC0E3F2B3984E6DCEEE422D04AFD63D2B
                                                                                                                                                                                                                                                                          SHA-512:199276BDA86C44AC94026EE65A4FA90772E2313E7F946AF7F370AB2D19443B9A1B333520499134A3D72D37A0EAC17CBCD0B5B6E2F739DDD9495B9A599FA54295
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=A7fCU,AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,VwDzFe,W2YXuc,YHI3We,YTxL4,ZUKRxc,ZZ4WUe,ZwDk9d,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,bm51tf,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPfo0c,qmdT9,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,w9hDv,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                                                                                                                                                                                                                                          Preview:"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi||{};(function(_){var window=this;.try{._.iKa=_.w("wg1P6b",[_.Xy,_.en]);._.k("wg1P6b");.var $Za=function(a,b){b=b||_.La;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);0<g?c=f+1:(d=f,e=!g)}return e?c:-c-1},a_a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},b_a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return a_a(b,a)},c_a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if(_.Uh&&!(9<=Number(_.ii))){if(9==a.nodeType)return-1;if(9==b.nodeType)return 1}if("sourceIndex"in.a||a.parentNode&&"sourceIndex"in a.parentNode){var c=1==a.nodeType,d=1==b.nodeType;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?a_a(a,b):!c&&_.Wi(e,b)?-1*b_a(a,b):!d&&_.Wi(f,a)?b_a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.Ii(a);c=d.createRange
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2106
                                                                                                                                                                                                                                                                          Entropy (8bit):7.554456957317547
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:EWP8JUaPVKWwCtcHB3sXXRBJ3v8qkZ/aWr/3KZerMLvSOxJ3Df8sfqV1:lkJVKWw03XXZ4Meo931fq
                                                                                                                                                                                                                                                                          MD5:6452ED75C53E1A8E90A664DF18959A90
                                                                                                                                                                                                                                                                          SHA1:AC01FC2F40F0E4808E22A9C569F3775F0F15A5E2
                                                                                                                                                                                                                                                                          SHA-256:C7BAC3E7016DFC7EB5787579BAC6B975B433FC1A9C279DAFC35649D4782F2061
                                                                                                                                                                                                                                                                          SHA-512:4B23F7FB31826943CBA6496BD74DC620C8EC3B8F0525497E825F1F1F87486335D4374F85417458C3C3E018C2215B9B419D7DE77CB67AAE9EA619038432E1EB10
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/eFZD1KABzRA.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (19300)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):275846
                                                                                                                                                                                                                                                                          Entropy (8bit):5.410655357576312
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:IPHaQFj9XsJ/yfJJubY9OD47YzP4HEBJP2IUeQwfwRAHQyVV8XZEnxOyH75ZiK+o:aTxm7jP2IcAr9l5gnSDOOF
                                                                                                                                                                                                                                                                          MD5:638EE42C7C956B82BA170FCF8561B72F
                                                                                                                                                                                                                                                                          SHA1:AE4D843F9BA6704C64F2ADC6A436C29963CFA4D7
                                                                                                                                                                                                                                                                          SHA-256:75F22482BFB9399C963FC48FAED153624F4E6B8926DB96F2AEE892A0BED79E90
                                                                                                                                                                                                                                                                          SHA-512:2C692BFFEF800A6FA760AA833103D7B90E1EBE8BA7B2C8F6B0D7DF39AB5529E98C0961A2D221A4A9E2E0AA5808955265D1B07913D4D7FBFFF78E48A88F808A7F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3/yv/r/r50IAg5mwcP.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                          Entropy (8bit):4.221928094887362
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tUY/i3+DrMyMcI:tURu5O
                                                                                                                                                                                                                                                                          MD5:9504A5854D071E094FAAF5B7B0CD2E1F
                                                                                                                                                                                                                                                                          SHA1:B8D00312C0F364361C3C911219D8DD340FDB4AA5
                                                                                                                                                                                                                                                                          SHA-256:1693A172DCDEB88D737B7715758D081322CB1DE8D21E9B14C120008E027CC28B
                                                                                                                                                                                                                                                                          SHA-512:6E55D3E4D05AE6A0A93CE848E1466FC23552D9B5EBC6680196BD0A961474034B2D73716D73CA8283ADACC0D52BBC80B4B1167F9B554614F4B9AA2BDD3449F13E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkbMnFS9SzlUhIFDXhvEhkSBQ3Fk8Qk?alt=proto
                                                                                                                                                                                                                                                                          Preview:ChwKDQ14bxIZGgQIVhgCIAEKCw3Fk8QkGgQISxgC
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):4315
                                                                                                                                                                                                                                                                          Entropy (8bit):5.129546814483834
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:jdrlOMQpaKDBiagJAWear9oaadIcDhWSbVn07cfMerbsCC5hftc/U51dK0i4uVGA:jdrlOzBiasAWEaKzDASbVn07uMerbsCL
                                                                                                                                                                                                                                                                          MD5:1121A6FAB74DA10B2857594A093EF35C
                                                                                                                                                                                                                                                                          SHA1:7DCD1500AD9352769A838E9F8214F5D6F886ACE2
                                                                                                                                                                                                                                                                          SHA-256:78EB4ED77419E21A7087B6DFCC34C98F4E57C00274EE93E03934A69518AD917A
                                                                                                                                                                                                                                                                          SHA-512:B9EB2CEF0EADD85E61A96440497462C173314E6B076636AD925AF0031541019E30C5AF4C89D4EAFA1C2676416BFECEC56972875155020E457F06568BCA50B587
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/opinionLab/opinionLab.js
                                                                                                                                                                                                                                                                          Preview:/*. * This file contains the javascript functions and snippets. * that are used to introduce the site feedback link in the footer.. * Function O_GoT inserts the link in the footer list and assigns onclick. * for popup window that displays the feedback from from opinionlab site.. */..define([], function () {...'use strict';..window.PAYPAL = window.PAYPAL ? window.PAYPAL : {};..var opVars = window.PAYPAL.opinionLabVars;...var _doc = document,..._w . = window,..._tm = (new Date()).getTime(),..._sH = screen.height,..._sW = screen.width;.../**.. * This method forms the siteFeedback image tag to be written into the DOM.. * Note: While calling this method, please make sure to check if sitefbIcon is enabled. This is decided by boolean the property 'showSitefbIcon'... * @returns sfimg.. */..function siteFeedBackImage () {...var sfImg = document.createElement('img');...sfImg.setAttribute('src', opVars.sitefb_plus_icon);...sfImg.setAttribute('alt', '');...return sfImg;..}...function popUp (opi
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (41541)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):74197
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4551136708766705
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:1pbgXdxJkYuOm3Q+gXHcJXEal5yl/kPHTO677Y8PouA/sqk92474oIhfc0fnraJp:veHchBCdo25qMKcuktHzX+6UevL8F
                                                                                                                                                                                                                                                                          MD5:1A385461F30E3F360D31F242FD6B3D98
                                                                                                                                                                                                                                                                          SHA1:0C0D69D3D866E93732265776AE44FD02DB855D99
                                                                                                                                                                                                                                                                          SHA-256:F89934AC0709430477B8A664F72035461A08E79AAB91944D71D695660D810C13
                                                                                                                                                                                                                                                                          SHA-512:8F5957C1FB9DA9BC831E688F66F4DE1362ED2A2B7A557F9607C7DD93F99D7E07A339B52C350CE1CC236EC5A2B84AE9CE7FF53F12319C967CC4A3D6C5DDCFF161
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/1jvrml64dlmt60uoawzo2af88
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (959)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3779
                                                                                                                                                                                                                                                                          Entropy (8bit):5.235578756987755
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:6KySQPgUbvhZ6Jv63DcaTXdPkHyFzZwwV:sdbvivzUPJ7
                                                                                                                                                                                                                                                                          MD5:D7DB3CCDCB36CAC501159AA69B09AA4B
                                                                                                                                                                                                                                                                          SHA1:370F70C2F59E85A59E87AE6F4A4DDC6A8AA2CC7A
                                                                                                                                                                                                                                                                          SHA-256:C1C245D320BCEB2CCA67D5C22A3BA5F4A754A8083A739EF920D8E2026B0E9633
                                                                                                                                                                                                                                                                          SHA-512:72CE1DD9902A898DAFE635B450DEAE3185364B22BB5798B3AB0B70D9C69CAFCA564E37C6B3D1B5DFC55373628AA27128F669DDDA46BE60C5EE023E550DDF60AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/R2oOyt8zLzV.css?_nc_x=Ij3Wp8lg5Kz"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (64683), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):615503
                                                                                                                                                                                                                                                                          Entropy (8bit):5.488741554067423
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:jMU/WdEuaSIwNyitEyYDrZjLiwR0MIZMdNhAICd2FMGxLvq7gBkvG:jMUudvfIoWnUyGZSNIvG
                                                                                                                                                                                                                                                                          MD5:3DD5A1749A934CB7E974703B9B69A88C
                                                                                                                                                                                                                                                                          SHA1:17E11C3CB73ECB6B9FA981349FCFD4D68726FDD3
                                                                                                                                                                                                                                                                          SHA-256:1D2A4FC1B95AD9758CE245B8CC2ECEE432E04A62F6BE3A9CA21995344FB062E9
                                                                                                                                                                                                                                                                          SHA-512:7DF7F93B097674314C81A80D56478AC95527B60AA8AFCF44B22B317A31549B9C9CDEDF2CF5263F7378438F1876EBD4C74AFD9433A05EFCC218A7177EC0B76A28
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/vendor.1b81224a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (10441)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):10593
                                                                                                                                                                                                                                                                          Entropy (8bit):5.335613908486199
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:8XGVIiVPfof+JW49vhtW1YaX7hVyEt4nBkSU/np9pCyqitF:8JifTtWKaB2mSURWyqitF
                                                                                                                                                                                                                                                                          MD5:C89D9A43C26A255A92D02F23F407DADE
                                                                                                                                                                                                                                                                          SHA1:A419F81828065E7DA6CBA21E84426AD25D609EE0
                                                                                                                                                                                                                                                                          SHA-256:F20E1C30C812FE80E99FF6ACDAF498D6F2BE31FF6F2DCAABAE2AA5201F86AB6D
                                                                                                                                                                                                                                                                          SHA-512:5663A80B1836FD04E074985A73FBEB003A180FA687B7E55DEBEB28B01D8E107EF45E0548FB535B4CB0D7D22D9515AB497EB6EAFEB667B418349E0949C679951A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.SideNav~bundle.JobSearch.14d5e5fa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2750156
                                                                                                                                                                                                                                                                          Entropy (8bit):5.265692007123041
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:Hc7HGRobmtDU9zbjwJMdS31Ty0Bx22ABaVe:/m9
                                                                                                                                                                                                                                                                          MD5:85771DF2CB987A0864387F55C4CAC8FA
                                                                                                                                                                                                                                                                          SHA1:321F1A56E8ACA5C1A1783FE2C7CA59E9AD4E9D36
                                                                                                                                                                                                                                                                          SHA-256:FBC871638545DF5E81AB2453D0D9729F7E8D87E106DBFF47B789D2BCF82CD093
                                                                                                                                                                                                                                                                          SHA-512:2362FFD47928C7AE48FBCF3FEFF0AEA036C70404E1E95E1CFC1AAA0FD86347FE98BA179A7EBB95D78BC0789B5CFA04DE2CFA68061D82DE9B6187E8310AC34CA1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/main.8a8e414a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2164), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2164
                                                                                                                                                                                                                                                                          Entropy (8bit):5.007692541572839
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:/CpDuMY6wRQAQl07kBeFxDKNpK9xvj+Zy3t:/snIQAFhRl
                                                                                                                                                                                                                                                                          MD5:68225657C41B94DFDD7669563FA18C80
                                                                                                                                                                                                                                                                          SHA1:58E43494BC31122F06FCB3AA3764BE2883D0618F
                                                                                                                                                                                                                                                                          SHA-256:72BCCD36C17AA93A7BB553557626BB720BE60CDE2357D817BD03AF6BE67CF08E
                                                                                                                                                                                                                                                                          SHA-512:18441A68B88395A98A1721CE772AA98D0A05AC080E4C7C2A8A0598F46837FCFF8A1C5978E6A0C3146A088CCA632ED43B377FF63DB15195976AE958D35E9FB1CB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/65xtw2y5evpkuq3vtf8wiydts
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):216963
                                                                                                                                                                                                                                                                          Entropy (8bit):5.392999604518265
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Hx3Hk7Giy5sV+ZzpYeWDDcjSRs/2syXHGWLu8lz+uNfikXa:Hx3Hk7Giy59ZzpYeCcjSRtXHQ8HfNXa
                                                                                                                                                                                                                                                                          MD5:BA9A79CD0700EAF78DFDC417176FC76B
                                                                                                                                                                                                                                                                          SHA1:25E4C38A5E6A9FF953E7B58F7A812FC16AD06666
                                                                                                                                                                                                                                                                          SHA-256:D4D29C324C84258114CEA70E48392022753F1C785C10A876BD84E5304208D74D
                                                                                                                                                                                                                                                                          SHA-512:B4FA7ED9817B7B4EEC5002E82B2B4A145C1537BC61E609944321EAD7F699EC8AD6051DF4942E43CAF4E153F4E0D77D62CD5275EC06B42CED7C094172DA5B8757
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~bundle.ReaderMode~bundle.AudioSpacePeek~bundle.AudioSpaceAnalytics~bundle.AudioSpaceR.362c1e3a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (56506)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):57367
                                                                                                                                                                                                                                                                          Entropy (8bit):5.304834653347699
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:0MxmvGWHzfugFNANA5AE1BQ6l/9/JM6dIV7viibR0mT9fU2dAb60Q0gssxTwOIdG:y+W7JFNANA5AEN8C60FgssxTw5Wix4N
                                                                                                                                                                                                                                                                          MD5:E1ABCD5F1515A118DE258CAD43CA159A
                                                                                                                                                                                                                                                                          SHA1:875F8082158E95FC59F9459E8BB11F8C3B774CD3
                                                                                                                                                                                                                                                                          SHA-256:9678DD86513C236593527C9B89E5A95D64621C8B7DBE5F27638AB6C5C858A106
                                                                                                                                                                                                                                                                          SHA-512:AE70D543F05A12A16BA096457F740A085EEA4367BAFB91C063EE3D6023299E80E82C2B7DFE12B2B1C5A21FB496CBB4A421FC66D0EDD0E76823C7796858766363
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1116)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):73311
                                                                                                                                                                                                                                                                          Entropy (8bit):5.495988715515248
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:4GIrciEkWXctV34ucboi8XdpGHpBMbSrOLR0QZWtPWDG4nFjI9rkiDyVO9HI4CkD:h45nb3nxQIiENg5Bi+C02byd
                                                                                                                                                                                                                                                                          MD5:4016D4DCF13BF1FF8D1C65CE878F48D9
                                                                                                                                                                                                                                                                          SHA1:E56DC87C0BB0623311C62FA74A1FB208AD11C0B9
                                                                                                                                                                                                                                                                          SHA-256:A56F92536C8E8345BE3E475CF29AD2ED8AA3FD52F7C61B1F999C5BA158D04671
                                                                                                                                                                                                                                                                          SHA-512:7151FF1E4464421D1A8D96528FC3502C86B8BECC697DF61225DF23EA9F3E10DDC33E53953EC7DBAEC600741DA17B881176ECD6861CF523A3E524E66275C2911F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&family=YouTube+Sans:wght@300..900&display=swap
                                                                                                                                                                                                                                                                          Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */./* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. f
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1667), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):18931
                                                                                                                                                                                                                                                                          Entropy (8bit):5.515200245927563
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:QwtVMAjYb2JalUNlpczHK7giHiEiN/mm+pqOw6GNNZhweP8/F:QmS6FJJNzczHK79Hix/T+pqOwlNzi
                                                                                                                                                                                                                                                                          MD5:04C174EBC8C80B03FDBA4458DED0D2E4
                                                                                                                                                                                                                                                                          SHA1:4072B6346E015AA785FCEF8B60BE5E9D07266F79
                                                                                                                                                                                                                                                                          SHA-256:CB69F807A4D629C2554079002734DFA967A4D2D5749F4E17EBC9BF91E63806A2
                                                                                                                                                                                                                                                                          SHA-512:44701844EA18E83B2FFFB9D850CCF225565DD1615CDB317C2C54084EB8E0593EAE81BAEE1DD347DEEE8835AEEB1000396A9BF5B68732CEF37307970FD301DE39
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=BMF068jICwP9&l=english
                                                                                                                                                                                                                                                                          Preview:...responsive_page_frame {...position: relative;..}....body.movescrolltocontent .responsive_page_frame {...position: fixed;...top: 0;...right: 0;...bottom: 0;...left: 0;...overflow: auto;..}....body.overflow_hidden,..body.overflow_hidden .responsive_page_frame {...overflow: hidden;...position: relative;..}....html.responsive {...height: 100%;..}....html.responsive body {...min-height: 100%;...height: auto;...position: relative;..}....html.responsive body.movescrolltocontent {...position: fixed;...top: 0;...right: 0;...bottom: 0;...left: 0;..}.....responsive_page_content {..}.....partner_events .responsive_page_content {.. height: 100vh;..}.....responsive_page_menu_ctn {...position: fixed;...top: 0;...bottom: 0;...overflow: hidden;.....background: black;.....z-index: 30;...width: 280px;..}.....responsive_page_frame:not(.in_menu_drag) .responsive_page_menu_ctn {...transition: left 0.5s, right 0.5s;..}.....responsive_page_menu_ctn.mainmenu {...left: -280px;..}.....responsive_page_menu_
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (7279)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):35625
                                                                                                                                                                                                                                                                          Entropy (8bit):5.495789601338093
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:6ZJQWlR5lBVL+1lUvDlAlQlzgTBKMF8+AbWQg:o5lBVL+1lTlQlc9W+AbWn
                                                                                                                                                                                                                                                                          MD5:1697116261B347E7D1F4A11C544E93BF
                                                                                                                                                                                                                                                                          SHA1:317739DA918B7D05D1E4543D15EA4F1C34055449
                                                                                                                                                                                                                                                                          SHA-256:FA44550A20D2BE72495C94BD23DB697BB965EA109925E0C64BF7AFC1B288FC90
                                                                                                                                                                                                                                                                          SHA-512:4C07F18A2374D22DC8889BB013785A4365722EF2729C5A1E86AE8E75FA6697C050E49DB42D3A99629FEB6CF128806ACE778DC0C6B9D70E60CB2E72FB99AED056
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/_BJqgRg0BU5.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Preview:;/*FB_PKG_DELIM*/..__d("BanzaiWWW",["cr:1642797"],(function(a,b,c,d,e,f,g){g["default"]=b("cr:1642797")}),98);.__d("BanzaiUtils",["BanzaiConsts","CurrentUser","FBLogger","WebSession","performanceAbsoluteNow"],(function(a,b,c,d,e,f){"use strict";var g,h,i={canSend:function(a){return a[2]>=(g||(g=b("performanceAbsoluteNow")))()-(h||(h=b("BanzaiConsts"))).EXPIRY},filterPost:function(a,c,d,e){if(e.overlimit)return!0;if(!e.sendMinimumOnePost&&a[4]+e.currentSize>(h||(h=b("BanzaiConsts"))).BATCH_SIZE_LIMIT)return!0;var f=a.__meta;if(f.status!=null&&f.status>=(h||(h=b("BanzaiConsts"))).POST_SENT||!i.canSend(a))return!1;if(f.status!=null&&f.status>=(h||(h=b("BanzaiConsts"))).POST_INFLIGHT)return!0;var g=f.compress!=null?f.compress:!0,j=(f.webSessionId!=null?f.webSessionId:"null")+(f.userID!=null?f.userID:"null")+(f.appID!=null?f.appID:"null")+(g?"compress":""),k=e.wadMap.get(j);k||(k={app_id:f.appID,needs_compression:g,posts:[],user:f.userID,webSessionId:f.webSessionId},e.wadMap.set(j,k),c.push
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1846
                                                                                                                                                                                                                                                                          Entropy (8bit):7.365755828390777
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:o/51he91Wwh82lYSg767V+6gT3qxyJbRW6vRW6nGPAQ4PKsSnflj0Sybz4+43Ore:o/qQvnb6706gVJbVvVnX/8NAzb/4OFjg
                                                                                                                                                                                                                                                                          MD5:574C350C7B23AE794D5276F8580E0838
                                                                                                                                                                                                                                                                          SHA1:235C7B35C3468F8915ECA01F7ABDB43D34079609
                                                                                                                                                                                                                                                                          SHA-256:8B97BA0DAC22FE6704C1F6D95FE79613F33017804F256ABB9006DF0442491787
                                                                                                                                                                                                                                                                          SHA-512:F1F2D7B6FA49E9241F2B88560127EB2871F66123C2F9DE45B257750CF13E6EBB32A9D85D87AADA6A99838A2F3C5412540065CBAB398760A50F15AAE3A759F9F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 283 x 315, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):6739
                                                                                                                                                                                                                                                                          Entropy (8bit):7.892824603052444
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:ojMnL5qfFF9YIdIv8DQ+f7XzWfbuhh1F+4lW0G6rM+mZKFgE9u:eML5qW8kIfOuhoFnxZOd9u
                                                                                                                                                                                                                                                                          MD5:84545F4E3DC299F20C0BE6710CB09858
                                                                                                                                                                                                                                                                          SHA1:F508422FC6BFD6A4866C1752F032BEBCDC9D32B4
                                                                                                                                                                                                                                                                          SHA-256:633002F58522BB2B155769BD8C96D8ED33271F888A2402D46D8E24935CDD03A2
                                                                                                                                                                                                                                                                          SHA-512:C5FC977A38BB6BB84B7FC0167FC060342CB846D5DABB01BCD905A8698960E12EE004543348E063DE5190FEC8DEE217180831BC398A805E7316454957D6080BC3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):4286
                                                                                                                                                                                                                                                                          Entropy (8bit):4.933290584110762
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:5+8ItBBBuxc+6QQQQQiRRRRRRRRRRJJO9P111118B:1cjRRRRRRRRRRi90
                                                                                                                                                                                                                                                                          MD5:8CDDCA427DAE9B925E73432F8733E05A
                                                                                                                                                                                                                                                                          SHA1:1999A6F624A25CFD938EEF6492D34FDC4F55DEDC
                                                                                                                                                                                                                                                                          SHA-256:89676A3FB8639D6531C525E5800FF4CC44D06D27FF5607922D27E390EB5B6E62
                                                                                                                                                                                                                                                                          SHA-512:20FBEE2886995C253E762F2BB814AD16890B0989DEAB4D92394363EF0060B96A634D87C380C7BA1B787A8AB312BE968FED9329A729B4E0D64235A09E397DB740
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (35654)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):35782
                                                                                                                                                                                                                                                                          Entropy (8bit):5.471334890993658
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:gE41LrtRweCQ6nZIZMnQy8jqbXcBigl+kvksoxItxyMifDynF49URmISO3gojd19:IzNCQSZbckQ+u5osgWni0L
                                                                                                                                                                                                                                                                          MD5:2FEC8D2E4F97FACE9783C33689DC979A
                                                                                                                                                                                                                                                                          SHA1:D20391003CFF6127818BAE5C909FE630466B9DBB
                                                                                                                                                                                                                                                                          SHA-256:FAD1EC2808BC0E045E38D790100D376940357241D614AC1D38C53ACDFABD68CC
                                                                                                                                                                                                                                                                          SHA-512:B241DBDEE6EB3D69D0044B7C817C7072B838A125530B822CD18840B3154D868E215A3E1562162BD593A720A5FC5DCF1CDA68EAF2F4748B3E980497538C0EAA78
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/loader.SideNav.b6652eda.js
                                                                                                                                                                                                                                                                          Preview:"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["loader.SideNav","icons/IconCircleFill-js","icons/IconClockCircleFill-js","icons/IconFeedback-js","icons/IconFollowArrowLeft-js","icons/IconFollowArrows-js","icons/IconPin-js","icons/IconPromotedPill-js","icons/IconSparkle-js"],{604361:(e,t,i)=>{i.r(t),i.d(t,{default:()=>k});var o=i(202784),n=i(325686),a=i(854044),r=i(973186),s=i(257668),l=i(152577),c=(i(906886),i(645184)),d=i.n(c),h=i(447636),m=i(229496),p=i(611731),u=i(882392);const y=r.default.create((e=>({button:{boxShadow:"0px 8px 28px rgba(0, 0, 0, 0.08)"}}))),g=({disabled:e,icon:t,isExpanded:i,label:n,link:a,onPress:r,testID:s})=>o.createElement(m.ZP,{accessibilityLabel:n,disabled:e,hoverLabel:{label:n},icon:i?void 0:t,link:a,onPress:r,size:"xLarge",style:y.button,testID:s,type:"brandFilled"},i?o.createElement(p.Z,{animateMount:!0,duration:"long",show:!0,type:"fade"},o.createElement(u.ZP,null,n)):null);var b=i(460673);cons
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1353), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1353
                                                                                                                                                                                                                                                                          Entropy (8bit):5.824666642413639
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:2jkm94oHPcAhXbimX+KVCLTLPeYAgFnu5vtTGJTlWt0gEi16bP5vsLqo40RWUnYN:iEAhu7KonjfcvtTA8O01iGLrwUnG
                                                                                                                                                                                                                                                                          MD5:6096547CFF8F575B7090702F01831169
                                                                                                                                                                                                                                                                          SHA1:7FBECD4F0EB6549890BE6489AC08F28C517BE9AA
                                                                                                                                                                                                                                                                          SHA-256:ED4470632835CC897DD4A330ED8E1113D0D093F8F5CC77545F0592A9F085CFDA
                                                                                                                                                                                                                                                                          SHA-512:747B61CAA9582AFC9570985E2772E8B66C90D8DA616C34178F41BD6B146169A5128C398C077D8EBAC978DE7C495EDADBA03A21570621341EB940BA93003CD998
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.recaptcha.net/recaptcha/enterprise.js?render=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&hl=en
                                                                                                                                                                                                                                                                          Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var E='enterprise',a=w[N]=w[N]||{},gr=a[E]=a[E]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.recaptcha.net/recaptcha/enterprise/';(cfg['enterprise']=cfg['enterprise']||[]).push(true);(cfg['render']=cfg['render']||[]).push('6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A89JPrWYXvEpNQ/xE+PjjlGJiBu/L2GfQcplC/QkDJOS1fBoX5Q4/HLfT1dXpD1td7C2peXE3bSCJiYdwoFcNgQAAACSeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);po.src='https://www.gstatic.com/recaptcha/releases/
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):124529
                                                                                                                                                                                                                                                                          Entropy (8bit):7.79044844464572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:R24zCBv0a8Oz/fxlnI0Nc49J7g3HOHQZP:R2GCea8OzHfjO85ygs
                                                                                                                                                                                                                                                                          MD5:48B805D8FA321668DB4CE8DFD96DB5B9
                                                                                                                                                                                                                                                                          SHA1:E0DED2606559C8100EF544C1F1C704E878A29B92
                                                                                                                                                                                                                                                                          SHA-256:9A75F8CC40BBE9C9499E7B2D3BAB98A447685A361489357A111479517005C954
                                                                                                                                                                                                                                                                          SHA-512:95DA761CA3F99F7808A0148CFA2416B8C03D90859BFF65B396061ADA5A4394FB50E2A4B82986CAAB07BC1FCD73980FE9B08E804B3CE897762A17D2E44935076D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (533)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5547
                                                                                                                                                                                                                                                                          Entropy (8bit):5.234104150395812
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:+E8YzVFXsVws8HYnkfI+C4yVdbaiGkNF2LSaAuEeRzgf5j6YJR79hamaWslv0Rw:+ajsVws8Hlzg2i/N9hzWgf5jhJR79haZ
                                                                                                                                                                                                                                                                          MD5:936A7C8159737DF8DCE532F9EA4D38B4
                                                                                                                                                                                                                                                                          SHA1:8834EA22EFF1BDFD35D2EF3F76D0E552E75E83C5
                                                                                                                                                                                                                                                                          SHA-256:3EA95AF77E18116ED0E8B52BB2C0794D1259150671E02994AC2A8845BD1AD5B9
                                                                                                                                                                                                                                                                          SHA-512:54471260A278D5E740782524392249427366C56B288C302C73D643A24C96D99A487507FBE1C47E050A52144713DFEB64CD37BC6359F443CE5F8FEB1A2856A70A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
                                                                                                                                                                                                                                                                          Preview:/*.. Copyright 2016 Google Inc. All Rights Reserved... Licensed under the W3C SOFTWARE AND DOCUMENT NOTICE AND LICENSE... https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document..*/.(function(f,h){function t(a){this.time=a.time;this.target=a.target;this.rootBounds=a.rootBounds;this.boundingClientRect=a.boundingClientRect;this.intersectionRect=a.intersectionRect||q();this.isIntersecting=!!a.intersectionRect;a=this.boundingClientRect;a=a.width*a.height;var b=this.intersectionRect;b=b.width*b.height;this.intersectionRatio=a?b/a:this.isIntersecting?1:0}function d(a,b){b=b||{};if("function"!=typeof a)throw Error("callback must be a function");if(b.root&&1!=b.root.nodeType)throw Error("root must be an Element");.this.g=y(this.g.bind(this),this.B);this.D=a;this.h=[];this.i=[];this.s=this.L(b.rootMargin);this.thresholds=this.J(b.threshold);this.root=b.root||null;this.rootMargin=this.s.map(function(c){return c.value+c.unit}).join(" ")}function y(a,b){var c=null;return function
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):136131
                                                                                                                                                                                                                                                                          Entropy (8bit):5.310312873824174
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:LZuIBobvWngB3xfemTMFPKEEwt/1TJO0MMx4TEZ5jpYwr0svwWVjg9WQ:LNNFPKEE6AfMlZ5jWs0svwWVjg9b
                                                                                                                                                                                                                                                                          MD5:EE9855C647756A4B8377A5F755A468A2
                                                                                                                                                                                                                                                                          SHA1:59352C76AA273D9C49C7D48541BC45F82BD6CC87
                                                                                                                                                                                                                                                                          SHA-256:FF548512B3096AE8062B4ECB74691941B0689AE162F94EE086EB0ED9727E1F55
                                                                                                                                                                                                                                                                          SHA-512:ACA0C683979CE67311997CA2D40D6AF9FC44E75C7A263698DD75C4B30405CA9F000775BEA9964B099A3A0C9856ECC56E859AF9CD793F9CB5E31EA4F6D88D2C6B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/v6/store.css?v=7phVxkd1akuD&l=english
                                                                                                                                                                                                                                                                          Preview:..* {...padding: 0;...margin: 0;..}....img {...border: none;..}......a {...text-decoration: none;...color: #ffffff;..}.......a:focus {...outline: 0px none;..}....a:hover {...text-decoration: none;.. color: #66c0f4;..}....a.nohover:hover {...text-decoration: none;..}......html {...height: 100%;..}....body.v6 {...position: relative;...min-height: 100%;...font-family: Arial, Helvetica, sans-serif;...color: #c6d4df;...font-size: 12px;..}....body.v6.in_client {...background-position: center top;..}....body.v6.game_bg {.. background: #1b2838;..}....body.v6 > div#global_header {...border-bottom-color: #171a21;..}.....v6_bg {.../* background: url( '/public/images/v6/tag_browse_header_bg.png' ) no-repeat center top; */..}....body.blue .v6_bg {...background:....url( '/public/images/v6/blue_top_center.png' ) center top no-repeat,....url( '/public/images/v6/blue_top_repeat.png' ) center top repeat-x..;.....min-height: 370px;..}....body.v6 div#store_header {...background-color: transparent;..
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):169399
                                                                                                                                                                                                                                                                          Entropy (8bit):4.976254040069433
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:CZXcWblD1ySId1u6p3JuZolKvI28mGY7NIj4WT0PjXsW0NKWzcEjpPrmcGKJ/jfT:ocWblASIdIv8tXYPjkrmgD8d3dI
                                                                                                                                                                                                                                                                          MD5:6A39E0B509FECB928D47B8A2643FED2A
                                                                                                                                                                                                                                                                          SHA1:F67FA6CB1D09963D10BA117D6553C8E7D5BC7863
                                                                                                                                                                                                                                                                          SHA-256:D8BDEA7FFF893DBDBEAF6C2AFFEC091A77483B9EC10E7958486BC3B6CC170C96
                                                                                                                                                                                                                                                                          SHA-512:B9B8C6D9AC4928686C5EA254AC8F765C4F3690F79E5B1CCAAFFC48D4BD47872B9CC5475C038F70D804740C81915FDFCE315EBE553B628D12F7CA1CC4467075D0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
                                                                                                                                                                                                                                                                          Preview:../* Prototype JavaScript framework, version 1.7.. * (c) 2005-2010 Sam Stephenson.. *.. * Prototype is freely distributable under the terms of an MIT-style license... * For details, see the Prototype web site: http://www.prototypejs.org/.. *.. *--------------------------------------------------------------------------*/....var Prototype = {.... Version: '1.7',.... Browser: (function(){.. var ua = navigator.userAgent;.. var isOpera = Object.prototype.toString.call(window.opera) == '[object Opera]';.. return {.. IE: !!window.attachEvent && !isOpera,.. Opera: isOpera,.. WebKit: ua.indexOf('AppleWebKit/') > -1,.. Gecko: ua.indexOf('Gecko') > -1 && ua.indexOf('KHTML') === -1,.. MobileSafari: /Apple.*Mobile/.test(ua).. }.. })(),.... BrowserFeatures: {.. XPath: !!document.evaluate,.... SelectorsAPI: !!document.querySelector,.... ElementExtensions: (function() {.. var constructor = window.Element
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (2756)
Category:downloaded
Size (bytes):6429
Entropy (8bit):5.530103718196277
Encrypted:false
Malicious:false
URL:https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/ysfm_2i9xtW.js?_nc_x=Ij3Wp8lg5Kz
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:downloaded
Size (bytes):14878
Entropy (8bit):5.292886867911497
Encrypted:false
Malicious:false
URL:https://community.akamai.steamstatic.com/public/css/skin_1/home.css?v=pTH-Ya7jG3VB&l=english
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (1391), with no line terminators
Category:downloaded
Size (bytes):1391
Entropy (8bit):5.772752973518139
Encrypted:false
Malicious:false
URL:https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (647)
Category:downloaded
Size (bytes):514678
Entropy (8bit):5.669850658889447
Encrypted:false
Malicious:false
URL:https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (1400)
Category:downloaded
Size (bytes):5503
Entropy (8bit):5.226279703409273
Encrypted:false
Malicious:false
URL:"https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/JJ6fIc4HaLG.css?_nc_x=Ij3Wp8lg5Kz"
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (9280)
Category:downloaded
Size (bytes):32369
Entropy (8bit):5.593482562114322
Encrypted:false
Malicious:false
URL:https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/aBIoq18cchP.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3355
                                                                                                                                                                                                                                                                          Entropy (8bit):5.396115949174596
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/crypto/rsa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65482), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):93637
                                                                                                                                                                                                                                                                          Entropy (8bit):5.292996107428883
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3721)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3944
                                                                                                                                                                                                                                                                          Entropy (8bit):5.380917638110427
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~loader.DashMenu~loader.SideNav~loader.Typeahead~loader.DMDrawer~bundle.MultiAccount~b.6c81a84a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17935)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1264567
                                                                                                                                                                                                                                                                          Entropy (8bit):5.463256837552173
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3i3xv4/yU/l/en_US/yz3eNszVgcR.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (11054)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):55731
                                                                                                                                                                                                                                                                          Entropy (8bit):5.503381254911426
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yE/r/xGzxHIbkRpC.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65369), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):89127
                                                                                                                                                                                                                                                                          Entropy (8bit):5.606594802966543
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/chunk~f036ce556.js?contenthash=ec7440a0341d3e41f72b
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (22321), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):34966
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3094246488162895
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:aMJoWXJC75P2+/wWnv5Q+TrB2knT3iif39EhJdPXa/wWjFZ:afS+/wWnO+TrB2knT3iif39EhJdi/wWX
                                                                                                                                                                                                                                                                          MD5:36F6DB10738BB8E0D30973AA3570FACF
                                                                                                                                                                                                                                                                          SHA1:42008AC654597CF78DB04903D7C65BFABC250820
                                                                                                                                                                                                                                                                          SHA-256:B2E60E0D6042AE41D66AADFF6A6FBD7B2E9DB9A49EE94D6727513AEE04FAB508
                                                                                                                                                                                                                                                                          SHA-512:1F6C9528A044B59704FCE4748AFD0F6C6AD44339543350D7812667FC4CABEB90D0A46AF432C27F3601878B1C3D65F2E579E94AC9D6EC5ADD00C86EF3F19E5FF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/applications/store/chunk~9216830f7.css?contenthash=1675adeaa3107becbbc5
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2549
                                                                                                                                                                                                                                                                          Entropy (8bit):4.065824216102575
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:t4tQ6dEHu+4CE/EiFyCmxOJLGe1sxmJLOTyX3WCQ9yCmxOJLA5J2z5D6M9JMPxg0:WiE/yCmr9hj9mP0kOpFnqo7gX
                                                                                                                                                                                                                                                                          MD5:ECD94021D2C853C3B8DEB8203BA17300
                                                                                                                                                                                                                                                                          SHA1:6F0E24BAF66AE386041E8FAF42363418A4C96144
                                                                                                                                                                                                                                                                          SHA-256:0D6F8D206A6BD8B60A2048A3DF206AC956A2F633786E4AF1C02057F81758AD7A
                                                                                                                                                                                                                                                                          SHA-512:1967613484EB4FB2A50628CCED684C3E1022D1DF51D5AA86ADE53828DBDF0A748A8E99669C08EC5A9AA4BA97DC74F709AD4798BF486C1BAEEC60D24B223E5D50
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (64772)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):102582
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4069691614373525
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:jXmxAAXpkOc6XzNg/r/bMaDEHHZE/T5ZbkKTXxdkhRKu:hUpQ6TSqE/TPkKNdkz
                                                                                                                                                                                                                                                                          MD5:5E69AEC53E5BB3E0C5B5D240E64B9379
                                                                                                                                                                                                                                                                          SHA1:2778AC223BF54BD9A3C188AC5AD484612F6B12E2
                                                                                                                                                                                                                                                                          SHA-256:BA4691262FBF1ABD2BD988530282374FBE5517357D414D61CBA2B6739374D565
                                                                                                                                                                                                                                                                          SHA-512:A3B3729526767B0005C3DCE6AB0BECD40338BDE7D20E60616074C8B8DA0395FC7042BBF666ED5A6F29589F05274EB440E4CA1BD41CC43C7E4A005CF9892AC363
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1011), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1011
                                                                                                                                                                                                                                                                          Entropy (8bit):4.958228722086236
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WybE3QpQgbgbGNKOkhOXO6FOXOWOvOOpx+FUDx+W:WybEgpQgbgbGNNlOOpx4UDx+W
                                                                                                                                                                                                                                                                          MD5:5306F13DFCF04955ED3E79FF5A92581E
                                                                                                                                                                                                                                                                          SHA1:4A8927D91617923F9C9F6BCC1976BF43665CB553
                                                                                                                                                                                                                                                                          SHA-256:6305C2A6825AF37F17057FD4DCB3A70790CC90D0D8F51128430883829385F7CC
                                                                                                                                                                                                                                                                          SHA-512:E91ECD1F7E14FF13035DD6E76DFA4FA58AF69D98E007E2A0D52BFF80D669D33BEB5FAFEFE06254CBC6DD6713B4C7F79C824F641CB704142E031C68ECCB3EFED3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/cssbin/www-onepick.css
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):124529
                                                                                                                                                                                                                                                                          Entropy (8bit):7.79044844464572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:R24zCBv0a8Oz/fxlnI0Nc49J7g3HOHQZP:R2GCea8OzHfjO85ygs
                                                                                                                                                                                                                                                                          MD5:48B805D8FA321668DB4CE8DFD96DB5B9
                                                                                                                                                                                                                                                                          SHA1:E0DED2606559C8100EF544C1F1C704E878A29B92
                                                                                                                                                                                                                                                                          SHA-256:9A75F8CC40BBE9C9499E7B2D3BAB98A447685A361489357A111479517005C954
                                                                                                                                                                                                                                                                          SHA-512:95DA761CA3F99F7808A0148CFA2416B8C03D90859BFF65B396061ADA5A4394FB50E2A4B82986CAAB07BC1FCD73980FE9B08E804B3CE897762A17D2E44935076D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (64904), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):171828
                                                                                                                                                                                                                                                                          Entropy (8bit):5.091638681065859
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:As4PKffp9FVf2HBeZTjxI1slCWW9sEbsgsfRc117tUCqU3A8yWiSgzgPMNSrf:As4PKfx/VhTjHlCNOEArfKrxRJS+D
                                                                                                                                                                                                                                                                          MD5:A99AA0016856B81BF5B861C09E2069EF
                                                                                                                                                                                                                                                                          SHA1:88B0B42E87B8728CDA331E8A6974793F8D96C937
                                                                                                                                                                                                                                                                          SHA-256:8EC82F426012EEE212DCD2FC1C68106023ECAF5F38C1AD84B1033FFAB4C65C00
                                                                                                                                                                                                                                                                          SHA-512:94D2A586D1EE01F89B81B98C3AAEB4D2AF1758C793243B48034A324BD64F740629CF9A064D3C0ED04830042AF30137BC9CB6F87F1F9F2E1C97A89B70B0C8AF56
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/localization/sales_english-json.js?contenthash=90352fc0df5b5c860d95
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1839
                                                                                                                                                                                                                                                                          Entropy (8bit):4.952637178893887
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:gKZK68fKSLYBj17ekcLWyWpbwnGD9jH2RqFhmWe:i68fKSEBj17hcL1ewnGDZ2RqFAv
                                                                                                                                                                                                                                                                          MD5:E925A9183DDDF6BC1F3C6C21E4FC7F20
                                                                                                                                                                                                                                                                          SHA1:F4801E7F36BD3C94E0B3C405FDF5942A0563A91F
                                                                                                                                                                                                                                                                          SHA-256:F3A20B45053B0E79F75F12923FC4A7E836BC07F4ECFF2A2FA1F8ECDBA850E85A
                                                                                                                                                                                                                                                                          SHA-512:F10EB10B8065C10AE65950DE9EF5F36EC9DF25D764B289530FE2AD3AE97657BD5805E71FED99E58D81D34796A1002419343CCA85CA47EE7A71D6C15855AD9705
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/router.js
                                                                                                                                                                                                                                                                          Preview:/*global define:true, console:true, jQuery:true, require:true */..define([ 'jquery', 'backbone'],...function ($, Backbone) {....'use strict';....var router;....router = Backbone.Router.extend({....routes: {.....'': 'showTheView',.....'stepup?*queryString': 'showTheView',.....'rendercaptcha': 'showAuthCaptcha',.....'twofactor*path': 'showTheView',.....'resendotp': 'showTheView',.....'switchoption?*queryString': 'showTheView',.....'switchoption': 'showTheView',.....'softtoken': 'showTheView'....},.....hasPushState: window.history && 'pushState' in window.history,.....// this.viewName is only set when app.js is executed. It is never set again, unless app.js is....// requested again like when a page is rendered server-side.....showTheView: function () {.....this.showView(this.viewName);....},.....showAuthCaptcha: function() {.....this.showView('authcaptcha');....},.....showView: function (name) {.....var viewName = name,......asyncAssets = [ "view/" + viewName ];......require(asyncAssets,
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4486)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):13681
                                                                                                                                                                                                                                                                          Entropy (8bit):5.529226742848805
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:VhG2l3BZggc44nTMusgHwsJkJkLtQItZfW/M2CMriLY57ydwidddIM9DdE:W2nagc44TMRgQUtvZfW/M2HkaiPGMZ+
                                                                                                                                                                                                                                                                          MD5:0D6262EF7A09AE5A6C72B1618A80EA93
                                                                                                                                                                                                                                                                          SHA1:474D467180FDF09854E6574F7797A78ABB438B83
                                                                                                                                                                                                                                                                          SHA-256:645240416ABCD308535E059097BB0563A206294C45E811AA0D91E26D07F8744F
                                                                                                                                                                                                                                                                          SHA-512:22B587FA20958320A102906FB5E8E805F6B5940C31231220D57BE2A61FFCD54BB131A9F321AC5ED52390FD2FEC18449A08FF936A40F986E8D45E85C0EFB747FC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3iBPb4/ya/l/en_US/Jn4tdWkjn7K.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Preview:;/*FB_PKG_DELIM*/..__d("ZenonCallInviteModelTypes",[],(function(a,b,c,d,e,f){"use strict";a={missed:"missed",ringing:"ringing",unsupported_browser:"unsupported_browser"};f.CallInviteModelType=a}),66);.__d("CometUserActivity",["BaseEventEmitter"],(function(a,b,c,d,e,f,g){"use strict";var h=5e3,i=500,j=-5,k=Date.now(),l=k,m=!1,n=Date.now(),o=document.hasFocus?document.hasFocus():!0,p=0,q=Date.now(),r=-1,s=-1,t=!1,u=!1,v=new(c("BaseEventEmitter"))();function b(a){var b=w(function(c,d){b.unsubscribe(),a(d)});return b}function w(a){var b=v.addListener("user_activity",function(b){return a("user_activity",b)});return{unsubscribe:function(){return b.remove()}}}function d(a){return new Date().getTime()-k<(a!=null?a:h)}function e(){return o}function f(){return m}function x(){o=!0,m=!1}function y(){return n}function z(){return k}function A(a){p=a}function B(){return q}function C(){return t}function D(){return u}function E(){return l}function F(){k=Date.now(),l=k,m=!1,n=Date.now(),o=document.hasFo
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (8603)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):8734
                                                                                                                                                                                                                                                                          Entropy (8bit):5.233668670588405
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:XauzkRnENkJoCxScgFlimMBW8PeA2dW+mYrBGKB3Kzl5eVm:XauQRnENkJoCxPgFljYP1lIG23KzTeVm
                                                                                                                                                                                                                                                                          MD5:835006A5E107C0A74FBF80F17800A0B7
                                                                                                                                                                                                                                                                          SHA1:6EA2BDBF461593D55856DD99EA481DCF8F4E801E
                                                                                                                                                                                                                                                                          SHA-256:BA699066F79E1B0016C6494D0E0DDA0B840045416BAF176F5A5F548B0F9264AD
                                                                                                                                                                                                                                                                          SHA-512:8FD0EE52824D3A8BEF2082E980BF5704B138FEB1308E1789EF1C6B5ED7BC82EFAAD4D3F1B822939582A4B190E66B953CBCBF6F22F798EF643743E788FF1AA1A0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/ondemand.Dropdown.938dadaa.js
                                                                                                                                                                                                                                                                          Preview:(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["ondemand.Dropdown","bundle.TrustedFriendsManagement"],{611731:(e,t,n)=>{"use strict";n.d(t,{Z:()=>m});n(906886);var i=n(202784),o=n(640342),a=n(325686),s=n(940080);const r=Object.freeze({normal:100,long:250,longer:500}),h=Object.freeze({animate:"animate",static:"static",prep:"prep"}),l={height:"auto",opacity:1},c={height:0,opacity:0};class d extends i.Component{constructor(...e){super(...e),this.state={animateStage:h.static,animateProps:this.props.show&&!this.props.animateMount?l:c,renderChildren:this.props.children,componentHeight:0,props:{...this.props,show:!this.props.animateMount&&this.props.show}},this._transitionStart=({componentHeight:e})=>{const{props:{show:t,type:n}}=this.state,i="fade"===n;t?this.setState({animateProps:{height:i?"auto":0,opacity:0},animateStage:h.animate,componentHeight:e},this._requestNewFrame((()=>{this.setState({animateProps:{height:i?"auto":e,opacity:1}})}))):t
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (22312)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):22436
                                                                                                                                                                                                                                                                          Entropy (8bit):5.613949959908335
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:IW7SI5FhjpbQao5fH7CGw5E7YSQmzRtHgeFCfvBCNqN/QCIAaE/ZXzixxmw1BB35:IiHCaoZfw458jvfrixOUr1tyZA
                                                                                                                                                                                                                                                                          MD5:3790F58B0E0C5812354BB1A1548ECC8D
                                                                                                                                                                                                                                                                          SHA1:53E79359956DDB11765DB7BF19C30598B017E099
                                                                                                                                                                                                                                                                          SHA-256:449FF78C9BFCB1D96D59C92F95137EB2CB5736DFA4225BC4B320740321F341A5
                                                                                                                                                                                                                                                                          SHA-512:B0F308DF9FA210D5BD4AADE84057056152F952CEF240500ACE80B67AE3DFC76763DE19B56EB121995637015A6854F8150B9917A7C31A9843ACF9B4109A0CFD43
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/ondemand.s.3467b1ca.js
                                                                                                                                                                                                                                                                          Preview:"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["ondemand.s"],{471269:(n,t,W)=>{W.r(t),W.d(t,{default:()=>o});W(136728),W(906886),W(875640);function r(){const n=["WOtdT3XS","ygpcVmo/gGyju8oYuCoDp8oq","W67dSSoU","W4agrmoQW6O","hZSp","z1nSh8kw","W6xdMejebeDgj8oJaCksxxy","yI4h","W7hdSCkFW7q9","cX7dLSkQuG","E2/cIICJ","W7BdLCo/WPOb","WOHhW6r7WPa","W5FcRtddOmou","hfixW5jU","WOeSW7RcHG","W5NcOcVdSmoz","iCk8FW","W7WMs8oqW74","WPFdUM1bW7a","WQjIza3cRW","cvD+e2O","WORdVLnpW7a","j2SQW7zh","W6m9FK7dKa","g0fSmmkn","hCovWP4","fJVcHSoBWO4","W5ZdSCoknN4","x8ocxG","BINdJa","WQHBAcBcOa","eCoyWRPlW7q","cCkIWOJdImkn","sCkFWO7cTSkMW55iWR4UW7Gw","pdtdVW","W7RdSwZcGe8","WOpcO8oGW64y","W67cHa0Hcq","W4L/W6lcG8om","W7efkLBdQq","cmoPWQD8lW","W4xdNmoUWQyC","fCogW4y","W6hdHCo7WQ0U","gCokdSkVDW","W6e0DGG","l2u3W77cLa","mbfAchy","W4JdVmo3jw0","W6/dICkPW4GN","dSksuea","W6acnLtdQq","pXSRW5tdGa","WOhcJ8kbW6XK","WP3dVHu","W7OSBSoXW6O","oCofnCkomq","sSk8WOS","W5
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):278619
                                                                                                                                                                                                                                                                          Entropy (8bit):5.476148941093607
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:VyDZgQMw8cSkZWBRKzSqngbEtzMLOrykvMGKED6rG5gSt:VgZgQraEtxmXg
                                                                                                                                                                                                                                                                          MD5:955D1540E499A229F9DFD01555C0E80D
                                                                                                                                                                                                                                                                          SHA1:8282AD79D0C40E6A9888E569337E0F177C931500
                                                                                                                                                                                                                                                                          SHA-256:DDD67CB8AF16EF83BA1A0A4DCE0861BD8BB68EBA3468DFC810E0802CE3C01AD8
                                                                                                                                                                                                                                                                          SHA-512:3F15C99982FE2794AFFE0C67F2173E376EAB1FACD97DB0606A97405E822D6B55DE34AEAA14B5029ACB88239F98ECD36D02010CCBD1A5CDEB6B197E057560680C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.DashMenu~loader.SideNav~loader.AppModules~loader.DMDrawer~bundle.MultiAccount~bundle.ReaderMode.e2c8ab7a.js
                                                                                                                                                                                                                                                                          Preview:(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["shared~loader.DashMenu~loader.SideNav~loader.AppModules~loader.DMDrawer~bundle.MultiAccount~bundle.ReaderMode"],{93128:t=>{t.exports={queryId:"QjN8ZdavFDqxUjNn3r9cig",operationName:"AuthenticatedUserTFLists",operationType:"query",metadata:{featureSwitches:[],fieldToggles:[]}}},271724:t=>{t.exports={queryId:"cH9HZWz_EW9gnswvA4ZRiQ",operationName:"CreateDraftTweet",operationType:"mutation",metadata:{featureSwitches:[],fieldToggles:[]}}},338737:t=>{t.exports={queryId:"LCVzRQGxOaGnOnYH01NQXg",operationName:"CreateScheduledTweet",operationType:"mutation",metadata:{featureSwitches:[],fieldToggles:[]}}},826210:t=>{t.exports={queryId:"2tP8XUYeLHKjq5RHvuvpZw",operationName:"CreateTrustedFriendsList",operationType:"mutation",metadata:{featureSwitches:[],fieldToggles:[]}}},382574:t=>{t.exports={queryId:"bkh9G3FGgTldS9iTKWWYYw",operationName:"DeleteDraftTweet",operationType:"mutation",metadata:{featureS
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65333)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):65479
                                                                                                                                                                                                                                                                          Entropy (8bit):5.417038813233855
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:ny2peaNAcXOTjd4RT3D6APQqdaXa6rxl9atKhg:PIHcXsjqDdKqAx/atKhg
                                                                                                                                                                                                                                                                          MD5:2C8AA6670B08F6594CFC634811BA1AF1
                                                                                                                                                                                                                                                                          SHA1:B9DF86D496F47458825955390DD3969345169A21
                                                                                                                                                                                                                                                                          SHA-256:82142032313A7064E1A2B1C3528E1714033503A349AC5C883D86E4A56A22E4D6
                                                                                                                                                                                                                                                                          SHA-512:DFF9A51A006831B866EFAE282661316EF97FF5144982668228267B07231495747A3AE412596A79C285FD0D90A265C8042A21DB1A6087111EED1AF1CE1C2E0FF6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://tracking.epicgames.com/tracking.js
                                                                                                                                                                                                                                                                          Preview:.(function() {. window._epicTrackingCookieDomainId = '619b80f6-779b-4cf1-8f62-7b4e25b9d4c9';. window._epicTrackingCountryCode = 'US';.}());.!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return O
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (15990)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):670506
                                                                                                                                                                                                                                                                          Entropy (8bit):5.734945947279104
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:jOCEdMoAb+a0RaaaDiLAj/b8X3HMAwG7+SLarPgg2C+Y:j9KMoAbEa7W3HdwxUY
                                                                                                                                                                                                                                                                          MD5:14B09FBBD54D23643BB62856CCA0CE1D
                                                                                                                                                                                                                                                                          SHA1:59F0388EBC9872EDDB4E680F27A989413461498F
                                                                                                                                                                                                                                                                          SHA-256:3DC5B8F6AD05B487BBEF49C42C3FFF488ABF47D75CD2D62BB50DA2A02D1082B9
                                                                                                                                                                                                                                                                          SHA-512:074939AB026F704363BB586FF029C2B8D54B0228C88573B69DD40EA63EAFD1220CCD7C368EB8132BF039DFC4A4C007E565B76760D720EEE4F04588C2C50CD476
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCUo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEotM5KnP6eq1I-j0IjUz5JAQCU0Q/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (936)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5863
                                                                                                                                                                                                                                                                          Entropy (8bit):5.542506058381083
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:ercpdAw1xFVObY2GhlzSSt0531195315WnGIjkC4EBBIjKuKSwXr6:ekdAMFVObY2GjDm19D5WnGIj8OByKD6
                                                                                                                                                                                                                                                                          MD5:F3356B556175318CF67AB48F11F2421B
                                                                                                                                                                                                                                                                          SHA1:ACE644324F1CE43E3968401ECF7F6C02CE78F8B7
                                                                                                                                                                                                                                                                          SHA-256:263C24AC72CB26AB60B4B2911DA2B45FEF9B1FE69BBB7DF59191BB4C1E9969CD
                                                                                                                                                                                                                                                                          SHA-512:A2E5B90B1944A9D8096AE767D73DB0EC5F12691CF1AEBD870AD8E55902CEB81B27A3C099D924C17D3D51F7DBC4C3DD71D1B63EB9D3048E37F71B2F323681B0AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (5877)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):20462
                                                                                                                                                                                                                                                                          Entropy (8bit):5.394115880368359
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:RQjPTBXoWi8zyzsRuFW3EDa7CLqv03W2Adl3ih9Dy2U52zy:6TB4WBBSW3ieCLulER42zy
                                                                                                                                                                                                                                                                          MD5:B65CA920DDA41E1DB159E6C8AD2F4A39
                                                                                                                                                                                                                                                                          SHA1:2C0E43D543C4978CA1A6ADEBFB7C89FF06063938
                                                                                                                                                                                                                                                                          SHA-256:246920C75E280B13418ABB4A7E3E299D315BB4BF0620C6E0A8D135016278B074
                                                                                                                                                                                                                                                                          SHA-512:173609DE40E368472B721A29A493098D17222AFCB93B78BE9FCAE0D345E62791269D63AA1FF7B5EDDBE6FE23FDF2094BD8DBA6F97E12A5B1440310FB992BDAAE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yZ/r/I_Arz_GerDQ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65358), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):214715
                                                                                                                                                                                                                                                                          Entropy (8bit):4.886718010132867
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:1UmdKzaF7OyAow8+iOWri2/QoHhRm+8CmY9yfF8Kd:1pdKzwOyQ8+iji2/Xm+8xa8F7
                                                                                                                                                                                                                                                                          MD5:925AE7E57D0649AD55304B5D5D0DC83D
                                                                                                                                                                                                                                                                          SHA1:8ABA6C6AEA5E37E84DC34FF1795470B66E5C7619
                                                                                                                                                                                                                                                                          SHA-256:868CC83FA3E00D2B50CE0330136B32DDF1040F23028340921BBA25383F9E6D65
                                                                                                                                                                                                                                                                          SHA-512:1492E84CF813292102C7CD945C45BD239808A60A35B24E14FEFA8F2B0348767584ECCA085D98591D2665D572AF4D6681FF116404369833E71F7E84D1BEAB6953
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/localization/main_english-json.js?contenthash=457d50f16b76d66694ee
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65272)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):152602
                                                                                                                                                                                                                                                                          Entropy (8bit):5.357131844161841
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:r2qGlEOqbVlWxkpSPk1PrOSpydNhQrzn+mgO3D2zyW5Kno9eLshdCc5Kno9eLsht:r2CZ04SQFl3L6z9
                                                                                                                                                                                                                                                                          MD5:A692E0DAFA6F9BADEE242A650461749F
                                                                                                                                                                                                                                                                          SHA1:510F2FB915F651A1B4D1866081A594B1408FF5A9
                                                                                                                                                                                                                                                                          SHA-256:867200AE75E898DD9E8B2C495D17B1301936B6769F24403DBF8409AD1FA00963
                                                                                                                                                                                                                                                                          SHA-512:A33E9306DFF2D0FC61A902CAEFB9278ED96AB5A1A543DA7C86E8D4039CFB6DFF7858236B1BB866B6C3F1EEB9F15ED4C8349A21C7DAB55D2667AE0FF8D80ABE9B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/4.54988a56.chunk.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65517)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):371687
                                                                                                                                                                                                                                                                          Entropy (8bit):5.49510443664036
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:WsrNPI8ScQLANWYjvAxojP/y+N6wLIl9xMMkmwQPcbxBgHS3L7Yy06JDz4BXt/F+:FrCCx/y+N6W7Bj4BXF2KO
                                                                                                                                                                                                                                                                          MD5:5A6DA6B9EAD5D29F6FDB5A8A4AEB545A
                                                                                                                                                                                                                                                                          SHA1:1F7ABD2ED9FC535D75CFD4CC83C9B23A820B665D
                                                                                                                                                                                                                                                                          SHA-256:4E7C79EB385D4B32F6D5CDE7FC04877B47ECE8615206300CA4DD393A5999C983
                                                                                                                                                                                                                                                                          SHA-512:E688D64DA94D3769DD59A8602227A86C08D1A93A8EF714C76C5047518814C2FEE1E2835C1F963D84975B77B547F4BDD993CB50B3C29AA23D8BB3C6DBC80A87F3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3/yj/r/GHKnLL8LCix.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                                          Entropy (8bit):6.7719789082293165
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPU8WnDspP8GYUQiOTmUDJcyYWm5kvrCBVreLbp:6v/78OaGYfLDBYCrCneL1
                                                                                                                                                                                                                                                                          MD5:A2796187C58C7E948159E37D6990ECC2
                                                                                                                                                                                                                                                                          SHA1:4209CD85ADD507247F9CE5A87A8C9095B54EE417
                                                                                                                                                                                                                                                                          SHA-256:23341256DB7F44B1F3811880FA2BAE6B7748BBF6B62C544A162E38CF0D5C5082
                                                                                                                                                                                                                                                                          SHA-512:5EF103B8398507495C2708DF8FCD82BDB763B1D580AAAA6CACFB805614764277C19E8ECE5D890A8AAFC004FC8C25E3AB2E67D6FBF373C432A9A0D7C36FA0890F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/header/btn_header_installsteam_download.png?v=1
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (10032)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):39105
                                                                                                                                                                                                                                                                          Entropy (8bit):5.379357910328213
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:vCdn9C0CnMCMKMkMl7ThKxQQMOF2UDvD0b1Q4DSt:vcnCnNxvUBJW
                                                                                                                                                                                                                                                                          MD5:DE199AEF94D2D0A7B25D2EC362A8824E
                                                                                                                                                                                                                                                                          SHA1:9C9118171E0398F296EE8587CD79EE9439AB6285
                                                                                                                                                                                                                                                                          SHA-256:C1C841A11F7C3BEF779F1702F2D1068D210CEDCBF5193E7E83E583D356F045FF
                                                                                                                                                                                                                                                                          SHA-512:D4E72F356D17D55CF99D257BF1B45E80E3CA256CF4D7FC69E449DD9CE08AA4B3C9C4F90D04A5505155EAE4C80F41475C690A9790C0BFD53DAD057DBACC2D9151
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3iuUS4/yi/l/en_US/3DGD6JLby5GS5vdQjn1MlETYUL9NaJFaUnmdbbCPdYdsP0wlwceOFjDMAvt-1OyK-1.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17694), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):17859
                                                                                                                                                                                                                                                                          Entropy (8bit):5.167355183248292
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+TD1MKv5PyKpD1Ej6RQvGtHopybcvUKyq:WKKBqyD1Ej6RQvGtHopybcjH
                                                                                                                                                                                                                                                                          MD5:26ACBCE75CEF4EE7F4D5D6D1C18ED642
                                                                                                                                                                                                                                                                          SHA1:C3D63AD975414C62C9A3C6CC8841641669B2C098
                                                                                                                                                                                                                                                                          SHA-256:D1779D8A901180137195EB380669D00259A1D1BBC5D62C5C51BBF8D609AE7B81
                                                                                                                                                                                                                                                                          SHA-512:E6DD3A559822B62A28466BDE6A61A84D50564F322ED27BA6D41B81C1C30973EF142D7B45F5EC50081F20AC66467C04515248958DDA217ECA16154AF9AADAD38D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/javascript/applications/community/chunk~906a41d8e.js?contenthash=cb1b238be4ec6e7a9a1a
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (19290)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2115424
                                                                                                                                                                                                                                                                          Entropy (8bit):5.534743346738803
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:cQTdOtr8yFDP4/bjB9jZIHNDbk8EWiwn8d7dVfuWLBUpLU7Pn5hHK+YB:cOdqoTbjBkazd7dNuWLBUpLUDTHK+YB
                                                                                                                                                                                                                                                                          MD5:BDA7F4728C2C4E7376124D288D6AC65C
                                                                                                                                                                                                                                                                          SHA1:D6A7736E0E7F6DDB9CD9D02B9FCF7FB9242BBA08
                                                                                                                                                                                                                                                                          SHA-256:A4D3B396C25E0C3BD8E06F97352DA2208BE4611598449C53C1ECF52567D856E5
                                                                                                                                                                                                                                                                          SHA-512:1E8640CC8B3661395B4935651C0D4391BC10ADCF1C5DF2FA56562D35D039D69685D5A744F7AC6BF7308B31B80D4B972C0F303B4824AA2D97D63CAA49674C7C2C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3iKEI4/y9/l/en_US/dpD0MGkHuZUfQsuiAZrFzHvppEShVdhGy_nq76x_Sr5eIPRxxfuWZFGbzJ21H-b7o089Vv__-P5w5lzXAAUKDeI_lMlVaiSqsyQ7mNxHHCOtfOJ4QlnBRPAClUTu2TmTUVGZG5k_Qpbr4pOiiTrVFEd652OCceNhyyDZ-vsWqehdEtWwDv0kWC0e0BUg3UY1f6lUXWDQVEH-g-FDC.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (8477)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):51591
                                                                                                                                                                                                                                                                          Entropy (8bit):5.384923354321411
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:g1F35HLYF0kiAGhJ65x0KDKDJcrjrMwmvsPxch3pWT:e3JLYqkiAGWx0KDCJcrjrMwmvsPw4T
                                                                                                                                                                                                                                                                          MD5:D525E2986EF30C6C5876AA4BBD5D155F
                                                                                                                                                                                                                                                                          SHA1:16A848EE7B79DB0CA46061CC61E1F81257D04AE8
                                                                                                                                                                                                                                                                          SHA-256:4DE549AD703554664B92AD274104EB22A10D92094888E478BE08F5353D1D0434
                                                                                                                                                                                                                                                                          SHA-512:FC362D38DF1A8DAC9CC2EB1476F7BE6AC23A83A4D192518AC2D270E2FCD270D49CBF355D4D05120FB776398F210CC1D96CBC93233A76712EACE934DD4685BC5C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/sKtrEJAtiUM.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):38554
                                                                                                                                                                                                                                                                          Entropy (8bit):7.281917544628079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:PcaDYrV5KBau+3erpKn9jpe7z9mWAFjQcR4D9DQ0LKfjLh:PcsiV5Y+erc9T/H4f0jLh
                                                                                                                                                                                                                                                                          MD5:231913FDEBABCBE65F4B0052372BDE56
                                                                                                                                                                                                                                                                          SHA1:553909D080E4F210B64DC73292F3A111D5A0781F
                                                                                                                                                                                                                                                                          SHA-256:9F890A9DEBCDFCCC339149A7943BE9AFF9E4C9203C2FA37D5671A5B2C88503AD
                                                                                                                                                                                                                                                                          SHA-512:7B11B709968C5A52B9B60189FB534F5DF56912417243820E9D1C00C97F4BD6D0835F2CDF574D0C36ECB32DBBF5FC397324DF54F7FDF9E1B062B5DBDA2C02E919
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://steamcommunity.com/favicon.ico
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (6353), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):6353
                                                                                                                                                                                                                                                                          Entropy (8bit):5.363459275330251
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:GeLYFa7EGANz8HbFLvkJ26t0HLlIuAMvB0nkV9cofMctaUc:fXoxYHbFLA0HL2uRKnsGof9taj
                                                                                                                                                                                                                                                                          MD5:D476CDD0B2916815E6F3D8EF2FB103AA
                                                                                                                                                                                                                                                                          SHA1:95641F904C777B8AA76C1EDD0141A25134AB60CD
                                                                                                                                                                                                                                                                          SHA-256:EF97165B72CA6540D3B11B61A5349F9317C699CAD27257D93CD76DCA145EC618
                                                                                                                                                                                                                                                                          SHA-512:0E3DD2CD94FA1664CFC6A0F5ED0A5B73BB0C5ACAEA922DB2845F5B1CAE5E7F856E50DA6E0BDC0376CF63C45DACBFE6C59742C12AA8185D8EA922CC06EA843D99
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/tl/6.4.65/patlcfg.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):259865
                                                                                                                                                                                                                                                                          Entropy (8bit):5.404184692500201
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:cBlJQjTMPzJWnodfkei/E+sPKqno7TMbyzb8f:eJQOz95PKqno7Tw
                                                                                                                                                                                                                                                                          MD5:496D08FF3B8667499FF71D622DADFF3F
                                                                                                                                                                                                                                                                          SHA1:7881A1634073EA6E5B23875BB7BEDB955F274635
                                                                                                                                                                                                                                                                          SHA-256:44925F9BDEBD7DADD2E05E034C457104B510F8038F37AF31BD841B7C00DB0AAF
                                                                                                                                                                                                                                                                          SHA-512:E5FD8449A3A3DEB2925CA18ECF3945D216547E8FB8540014AB45CD83D8BE67702BFB8398516BCE144F5246AB3015B1D35C7628CCB45A6FE792CD95306A45949F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.licdn.com/sc/h/4chp9gg1v6kdcwbmfabgpb0an
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1846
                                                                                                                                                                                                                                                                          Entropy (8bit):7.365755828390777
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:o/51he91Wwh82lYSg767V+6gT3qxyJbRW6vRW6nGPAQ4PKsSnflj0Sybz4+43Ore:o/qQvnb6706gVJbVvVnX/8NAzb/4OFjg
                                                                                                                                                                                                                                                                          MD5:574C350C7B23AE794D5276F8580E0838
                                                                                                                                                                                                                                                                          SHA1:235C7B35C3468F8915ECA01F7ABDB43D34079609
                                                                                                                                                                                                                                                                          SHA-256:8B97BA0DAC22FE6704C1F6D95FE79613F33017804F256ABB9006DF0442491787
                                                                                                                                                                                                                                                                          SHA-512:F1F2D7B6FA49E9241F2B88560127EB2871F66123C2F9DE45B257750CF13E6EBB32A9D85D87AADA6A99838A2F3C5412540065CBAB398760A50F15AAE3A759F9F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5430
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4364435707992746
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:++/pSKnJ/3cCXndBlr9aPZ0M0V+2hDTGlpFRlcPgCOfU:+ASKJPcCXjgZ03Gre9
                                                                                                                                                                                                                                                                          MD5:E1528B5176081F0ED963EC8397BC8FD3
                                                                                                                                                                                                                                                                          SHA1:FF60AFD001E924511E9B6F12C57B6BF26821FC1E
                                                                                                                                                                                                                                                                          SHA-256:1690C4E20869C3763B7FC111E2F94035B0A7EE830311DD680AC91421DAAD3667
                                                                                                                                                                                                                                                                          SHA-512:ACF71864E2844907752901EEEAF5C5648D9F6ACF3B73A2FB91E580BEE67A04FFE83BC2C984A9464732123BC43A3594007691653271BA94F95F7E1179F4146212
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (22321), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):34966
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3094246488162895
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:aMJoWXJC75P2+/wWnv5Q+TrB2knT3iif39EhJdPXa/wWjFZ:afS+/wWnO+TrB2knT3iif39EhJdi/wWX
                                                                                                                                                                                                                                                                          MD5:36F6DB10738BB8E0D30973AA3570FACF
                                                                                                                                                                                                                                                                          SHA1:42008AC654597CF78DB04903D7C65BFABC250820
                                                                                                                                                                                                                                                                          SHA-256:B2E60E0D6042AE41D66AADFF6A6FBD7B2E9DB9A49EE94D6727513AEE04FAB508
                                                                                                                                                                                                                                                                          SHA-512:1F6C9528A044B59704FCE4748AFD0F6C6AD44339543350D7812667FC4CABEB90D0A46AF432C27F3601878B1C3D65F2E579E94AC9D6EC5ADD00C86EF3F19E5FF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/css/applications/community/chunk~f036ce556.css?contenthash=1675adeaa3107becbbc5
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (528)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15005
                                                                                                                                                                                                                                                                          Entropy (8bit):5.360552389101315
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:bSzgUw7DiHCcInRKIlmSBD8FQBa0SwDQWURhU9119z4p:gZw7eHCcMRKwB8QQwDtchU9119z6
                                                                                                                                                                                                                                                                          MD5:0CB51C1A5E8E978CBE069C07F3B8D16D
                                                                                                                                                                                                                                                                          SHA1:C0A6B1EC034F8569587AEB90169E412AB1F4A495
                                                                                                                                                                                                                                                                          SHA-256:9B935BDA7709001067D9F40D0B008CB0C56170776245F4FF90C77156980FF5E9
                                                                                                                                                                                                                                                                          SHA-512:F98D0876E9B80F5499DDA72093621588950B9708B4261C8AA55912B7E4851E03596185486AFB3A9A075F90F59552BB9EC9D2E67534A7DEB9652BA794D6EE188D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/require.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3355
                                                                                                                                                                                                                                                                          Entropy (8bit):5.396115949174596
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:jrE1CT8Pi/CCsj5x9cHcYVGwGnrGdrtjcd/UfxGD/CtByLF3vDD+FQyB8pCkP:IawCp8E/0Ec+ByBv+FQyCzP
                                                                                                                                                                                                                                                                          MD5:9AF8AAEF60A740E8062CCDA7EFE7C179
                                                                                                                                                                                                                                                                          SHA1:1D72FFFE2679D8E55F35C1CEEFA29261C55E0A43
                                                                                                                                                                                                                                                                          SHA-256:7173A15A85C666C409667810A53ED83FE73505988FF8496EE65C8EE03D683A6A
                                                                                                                                                                                                                                                                          SHA-512:349F5F3958A19BE9B83DE6A18F22786B0C9D79815ABA89F721EE4A2C2DA66098F24794AEA023D84E645F17BCB7A9A5E65EAC331C79530010AA08707329F32114
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/crypto/rsa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (64904), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):171820
                                                                                                                                                                                                                                                                          Entropy (8bit):5.091592907461997
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:js4PKffp9FVf2HBeZTjxI1slCWW9sEbsgsfRc117tUCqU3A8yWiSgzgPMNSrf:js4PKfx/VhTjHlCNOEArfKrxRJS+D
                                                                                                                                                                                                                                                                          MD5:BD3FBFE0A71FC9C9925BD611F823A1E4
                                                                                                                                                                                                                                                                          SHA1:C5E1A3DDB20C8FB894E069310BDF05DC655F2FA6
                                                                                                                                                                                                                                                                          SHA-256:69ADB0AF90853345093AFAD207BA98622F7D2FCC9AE1365D1C89B267F7F10D4D
                                                                                                                                                                                                                                                                          SHA-512:6E279402479886777224CB092AEE8B76D917DA3D50C255E5689AE71BC338F97ED7E32A9A0F8A9F9B2DF04416A008E257BB7045C3428C10416B8B48834784504F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/sales_english-json.js?contenthash=9124f44354bff0492197
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4199)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):19219
                                                                                                                                                                                                                                                                          Entropy (8bit):5.387735925560776
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:dV93FTqX+j480p9eoS3jSOE5ouUxK7HROZKMrd3dg:d7Lj480p9etN1xK7xOZKAldg
                                                                                                                                                                                                                                                                          MD5:9E1C91CD2BCAB1C001E94C6961649A42
                                                                                                                                                                                                                                                                          SHA1:06CD3C26EFB2BD546193768730887FE5DCE88E84
                                                                                                                                                                                                                                                                          SHA-256:C1C9E96932CBF5E8BDDB5787C253F98A44E47430FBF5D05ADE4641E8A1B71FE9
                                                                                                                                                                                                                                                                          SHA-512:DDFE2C92C3CAF3FED225128831651C40935D900F43EDF4F6D3F2AE0C855D62417C13952DEF9A96D766065F41ADE471550EEDE1736A1B9B0EF060B00B05C4E8F0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=AvtSve,Ctsu,EFQ78c,EGw7Od,EN3i8d,I6YDgd,IZ1fbc,IZT63,K0PMbc,KUM7Z,L1AAkb,LDQI,LEikZe,MpJwZc,NOeYWe,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,Rusgnf,SCuOPb,STuCOe,SpsfSb,UPKV3d,UUJqVe,Uas9Hd,W2YXuc,YHI3We,YTxL4,ZUKRxc,_b,_tp,aW3pY,b3kMqb,bPkrc,bSspM,bTi8wc,byfTOb,eVCnO,fFzhe,fJpY1b,fqEYIb,hc6Ubd,hmHrle,inNHtf,kSPLL,lsjVmc,ltDFwf,lwddkf,mWLH9d,my67ye,n73qwf,njlZCf,oLggrd,pxq3x,qPfo0c,qmdT9,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,ws9Tlc,xBaz7b,xQtZb,yRXbo,ywOR5c,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65271), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):419890
                                                                                                                                                                                                                                                                          Entropy (8bit):5.191091987950919
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:aClaF2G5vHcnl/qhakfFDoYp2DZahK7gGCvlZeem/uHocccwxJaYZwEgoMGCofaZ:kTMFDZGK7gGCv5gJaGTySYe/C3
                                                                                                                                                                                                                                                                          MD5:1746FA8FF6159D3342073AC126533437
                                                                                                                                                                                                                                                                          SHA1:763227CCA6F50D66ADA45DAC8A0F5A364212674C
                                                                                                                                                                                                                                                                          SHA-256:A52A0B23DAB2CB9A2E1C84CC1E363B7B668AC1EB61111A8E031F9B2DDDE2A8D9
                                                                                                                                                                                                                                                                          SHA-512:FE4848658693BB671D477F03A7041010BCAE51130B3C5BFD3493330B68CE5E18D67E2E3D62DB3B5BADCE206A1D7B925A92645EA749FCE1857D258355163F406B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/i18n/en.090b2c7a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:assembler source, ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):17975
                                                                                                                                                                                                                                                                          Entropy (8bit):5.234304596583918
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:gWNE9NzVI6c4rNORWRyWKPfntY8XiYXUS2qk2VfVQEOHY46ZHnUI7Z0wTmEqNXMi:gWC99VI6c4eWRyJPfnSpYXUS2qk2VfmN
                                                                                                                                                                                                                                                                          MD5:2FDE91E2F3BB85F3A585C1982CEC5212
                                                                                                                                                                                                                                                                          SHA1:A96CCAE29A05FE0FC0416DFBCCFBE7D0A8BE2749
                                                                                                                                                                                                                                                                          SHA-256:B8C231EB652EA06DBB97709A6382739CEEE11EB3861F2D801C0B3989A936FA4E
                                                                                                                                                                                                                                                                          SHA-512:268E41D029D4A28BC31E0D36A1143CD17F2F4BDCBFF23FA1339A6D18DC4EE7D67A952D5ED34E609A0FEE2AD030E3B3D6C21283E3611C4679A7A113A889E26280
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/css/login.css?v=L96R4vO7hfOl&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):122171
                                                                                                                                                                                                                                                                          Entropy (8bit):4.922780501464006
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:LlFY4P+xmlvr+k3mCQHNl9EvOxzXQApcGBPVCGUb6WFA66WqiLOrVQXWc1Uw4zv6:71XZEl9EvOxzLcGBkQ1WBV4MH
                                                                                                                                                                                                                                                                          MD5:39E34882BA4417CB4B1B84916DABB770
                                                                                                                                                                                                                                                                          SHA1:0D0CA081FB60C8AAD337091BAFCBE84F966C38B0
                                                                                                                                                                                                                                                                          SHA-256:DA708635DA162EA493874627775C3520A42145B79C73BF787B5113BF87C0B27C
                                                                                                                                                                                                                                                                          SHA-512:50BB7803DBAFEF5F571B9B36A975B43C26E233DA165C3D9E37856421FD93915B26ACDE47C5948E8E91D19975D8DD0E1F064999288B50297E3FA28824B88F3405
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&load=effects,controls,slider,dragdrop"
                                                                                                                                                                                                                                                                          Preview:// script.aculo.us scriptaculous.js v1.8.1, Thu Jan 03 22:07:12 -0500 2008....// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)..// ..// Permission is hereby granted, free of charge, to any person obtaining..// a copy of this software and associated documentation files (the..// "Software"), to deal in the Software without restriction, including..// without limitation the rights to use, copy, modify, merge, publish,..// distribute, sublicense, and/or sell copies of the Software, and to..// permit persons to whom the Software is furnished to do so, subject to..// the following conditions:..// ..// The above copyright notice and this permission notice shall be..// included in all copies or substantial portions of the Software...//..// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..// NONINFRINGEMENT. IN NO EV
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (15990)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):670506
                                                                                                                                                                                                                                                                          Entropy (8bit):5.734945947279104
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:jOCEdMoAb+a0RaaaDiLAj/b8X3HMAwG7+SLarPgg2C+Y:j9KMoAbEa7W3HdwxUY
                                                                                                                                                                                                                                                                          MD5:14B09FBBD54D23643BB62856CCA0CE1D
                                                                                                                                                                                                                                                                          SHA1:59F0388EBC9872EDDB4E680F27A989413461498F
                                                                                                                                                                                                                                                                          SHA-256:3DC5B8F6AD05B487BBEF49C42C3FFF488ABF47D75CD2D62BB50DA2A02D1082B9
                                                                                                                                                                                                                                                                          SHA-512:074939AB026F704363BB586FF029C2B8D54B0228C88573B69DD40EA63EAFD1220CCD7C368EB8132BF039DFC4A4C007E565B76760D720EEE4F04588C2C50CD476
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,fJpY1b,b3kMqb,EGw7Od,ZUKRxc,my67ye,t2srLd,EN3i8d,hmHrle,mWLH9d,NOeYWe,O6y8ed,fqEYIb,PrPYRd,MpJwZc,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,lwddkf,SpsfSb,fFzhe,tUnxGc,aW3pY,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,xBaz7b,eVCnO,LDQI"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2843
                                                                                                                                                                                                                                                                          Entropy (8bit):6.967423493204583
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:o2/61MYLNnwknA9WpitbEsg9wlO/cHJ3z3VHi3bEs/Hc5mmDhhIZwldFWbd/9maH:/SyYRwknmWpiVbgx/mHqb/Hc5thdlubX
                                                                                                                                                                                                                                                                          MD5:41E851F8E42B6BF3414278871E93E8A2
                                                                                                                                                                                                                                                                          SHA1:A3811C7E1157F77950EC1F0558293BC90E432E82
                                                                                                                                                                                                                                                                          SHA-256:399F74C4E69EAC8B59B149293F9A573955FEF0A62B242CFA70346070013E0966
                                                                                                                                                                                                                                                                          SHA-512:F3C3549F1390B52791196E6F19584CBD4C4DB2B51FEF78C9C607C944079FED69B75E8F88594C3D647F2DDC29F282BF41BE455BE328AB27C091B4A37C41B00965
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/images/v6/logo_steam_footer.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (50633), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):50828
                                                                                                                                                                                                                                                                          Entropy (8bit):5.008007369530084
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:s7aiXjClRv4fwhkzS2wibyI7CshpzAuIRmu:EglRwfwhkzSTibyI7CsAuIRmu
                                                                                                                                                                                                                                                                          MD5:E125BE4A6DAA07A6008B38C64C601044
                                                                                                                                                                                                                                                                          SHA1:D777DD6158730D4C475764F158EDA9320625C701
                                                                                                                                                                                                                                                                          SHA-256:12791BDD6F1584B62D74D0DE0892796A0E7EB59ED92CE145BE7FF79FC156779F
                                                                                                                                                                                                                                                                          SHA-512:6BE5DB454E05289E261D2AC14B5E5116756C7659F626145D26DE70FCDFB972E881A57EFEAF9644B762B93B9991CD373A9EBE920EAC9DC8E5FA71C67B9ECB1B86
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/main_english-json.js?contenthash=b8682a28e4856a0b797f
                                                                                                                                                                                                                                                                          Preview:.........../**** (c) Valve Corporation. Use is governed by the terms of the Steam Subscriber Agreement http://store.steampowered.com/subscriber_agreement/. ..****/.."use strict";(self.webpackChunkstore=self.webpackChunkstore||[]).push([[6815],{63336:e=>{e.exports=JSON.parse('{"language":"english","CuratorAdmin_RSSFeed_title":"Manage my RSS Feeds","CuratorAdmin_RSSFeed_desc":"Setting up RSS feeds allows you to automate the Steam Events and Announcement creation from your existing content management platform. Your content from your site will automatically surface to Steam customers who follow you as News. ","CuratorAdmin_RSSFeed_lang_only":"Feed Language:","CuratorAdmin_Curator_lang_only":"NOTE: The curator is set to %1$s language which is different from the feed language of %2$s. Re-save the feed to update to this language.","CuratorAdmin_RSSFeed_lang":"The language is set on the group to \'%1$s\'. If this is not correct, you can edit the group profile and then re-setup this feed.","Cu
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (29833)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):50561
                                                                                                                                                                                                                                                                          Entropy (8bit):5.357316434641012
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:9TxQb5CNthxTB3eFT3CaC3i+56PxRBYVZqrFP7cZhHgaL9quDheNfGg2ynJDRX:Ib5sB32zr46PxRjrqL1m3
                                                                                                                                                                                                                                                                          MD5:7790691A55F644D7FB3C19BCF2A19816
                                                                                                                                                                                                                                                                          SHA1:E804EA514A622071DDFAE5E84D78942035B7A840
                                                                                                                                                                                                                                                                          SHA-256:0FFC1AD6E19330A6EF4CA56C293C0D9EF1F743C8FF419205D18EAB1B28F00321
                                                                                                                                                                                                                                                                          SHA-512:FD8333F93EA61CF666701EA2A67FF144360BA6E23969ECEAB9D589808FE2118CF217817B668C4DFA980F43D7835FC108F4C2837B630EBB2F376238B70A9F75E9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yU/l/en_US/NJVgMHwCLBZ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):122684
                                                                                                                                                                                                                                                                          Entropy (8bit):6.0666961682037535
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:lpsQ7l3T64Z1lKcDqttEPBWVNwZ+e222pKKSxfj9:Yg3T64Z19DqtkWbu/222kZfh
                                                                                                                                                                                                                                                                          MD5:57613E143FF3DAE10F282E84A066DE28
                                                                                                                                                                                                                                                                          SHA1:88756CC8C6DB645B5F20AA17B14FEEFB4411C25F
                                                                                                                                                                                                                                                                          SHA-256:19B8DB163BCC51732457EFA40911B4A422F297FF3CD566467D87EAB93CEF0C14
                                                                                                                                                                                                                                                                          SHA-512:94F045E71B9276944609CA69FC4B8704E4447F9B0FC2B80789CC012235895C50EF9ECB781A3ED901A0C989BED26CAA37D4D4A9BAFFCCE2CB19606DBB16A17176
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                                          Entropy (8bit):6.7719789082293165
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPU8WnDspP8GYUQiOTmUDJcyYWm5kvrCBVreLbp:6v/78OaGYfLDBYCrCneL1
                                                                                                                                                                                                                                                                          MD5:A2796187C58C7E948159E37D6990ECC2
                                                                                                                                                                                                                                                                          SHA1:4209CD85ADD507247F9CE5A87A8C9095B54EE417
                                                                                                                                                                                                                                                                          SHA-256:23341256DB7F44B1F3811880FA2BAE6B7748BBF6B62C544A162E38CF0D5C5082
                                                                                                                                                                                                                                                                          SHA-512:5EF103B8398507495C2708DF8FCD82BDB763B1D580AAAA6CACFB805614764277C19E8ECE5D890A8AAFC004FC8C25E3AB2E67D6FBF373C432A9A0D7C36FA0890F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/header/btn_header_installsteam_download.png?v=1
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (377), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):34674
                                                                                                                                                                                                                                                                          Entropy (8bit):5.421358067509858
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:ciJQBnCB/MaberYaWM5tWgFPQVGvKMpEFbW:cMQJu/Mabc4MZPPvKzk
                                                                                                                                                                                                                                                                          MD5:3F9FAFDC9C0CDDD25D6E4D046A8D42D3
                                                                                                                                                                                                                                                                          SHA1:E277FDA3655E94DDB80F03225EFA7EE8EBD6BB30
                                                                                                                                                                                                                                                                          SHA-256:A2ADAD654A0E37C791418E897592D6213B0CBEB73B35C1DE6CA82085C4E79CE9
                                                                                                                                                                                                                                                                          SHA-512:012D99F610FBA081390225909D3915361EE5638D71EE507B3D05EB71D05C1489EF1CDC0A39DA1D2D1ADACBDFAC2C279D96EBB47C72273CC2662E06E4378EEBFE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/crypto/jsbn.js
                                                                                                                                                                                                                                                                          Preview:..// Copyright (c) 2005 Tom Wu..// All Rights Reserved...// See "LICENSE" for details...../*.. * Copyright (c) 2003-2005 Tom Wu.. * All Rights Reserved... *.. * Permission is hereby granted, free of charge, to any person obtaining.. * a copy of this software and associated documentation files (the.. * "Software"), to deal in the Software without restriction, including.. * without limitation the rights to use, copy, modify, merge, publish,.. * distribute, sublicense, and/or sell copies of the Software, and to.. * permit persons to whom the Software is furnished to do so, subject to.. * the following conditions:.. *.. * The above copyright notice and this permission notice shall be.. * included in all copies or substantial portions of the Software... *.. * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, .. * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY .. * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. .. *.. * IN NO EVENT SHAL
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1667), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):18927
                                                                                                                                                                                                                                                                          Entropy (8bit):5.515061622598667
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:QwtVMAjYb2JalUNlpczHK7DYiHiEiN/mm+pqOw6GNNZhweP8/F:QmS6FJJNzczHK7DFHix/T+pqOwlNzi
                                                                                                                                                                                                                                                                          MD5:72E18D3F57737ADBA0956936BF438916
                                                                                                                                                                                                                                                                          SHA1:EFAC889DC41D671AE12A6E0A6C77F803F7EC68AE
                                                                                                                                                                                                                                                                          SHA-256:EA56DA3AB70FE84A679DC523B2EC93BB3A01AD55E41A4DA0EF79E39C5D9F47AC
                                                                                                                                                                                                                                                                          SHA-512:D90E4DD1732C27EDBD0BCA44A00EC7352512CD80EAF0C8B044FADF6B2764C1BBAD74DCAF91A0D4F00769B314D6FCA01445B5161D34C7F147B656FC1DDE957533
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=cuGNP1dzetug&l=english
                                                                                                                                                                                                                                                                          Preview:...responsive_page_frame {...position: relative;..}....body.movescrolltocontent .responsive_page_frame {...position: fixed;...top: 0;...right: 0;...bottom: 0;...left: 0;...overflow: auto;..}....body.overflow_hidden,..body.overflow_hidden .responsive_page_frame {...overflow: hidden;...position: relative;..}....html.responsive {...height: 100%;..}....html.responsive body {...min-height: 100%;...height: auto;...position: relative;..}....html.responsive body.movescrolltocontent {...position: fixed;...top: 0;...right: 0;...bottom: 0;...left: 0;..}.....responsive_page_content {..}.....partner_events .responsive_page_content {.. height: 100vh;..}.....responsive_page_menu_ctn {...position: fixed;...top: 0;...bottom: 0;...overflow: hidden;.....background: black;.....z-index: 30;...width: 280px;..}.....responsive_page_frame:not(.in_menu_drag) .responsive_page_menu_ctn {...transition: left 0.5s, right 0.5s;..}.....responsive_page_menu_ctn.mainmenu {...left: -280px;..}.....responsive_page_menu_
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):98854
                                                                                                                                                                                                                                                                          Entropy (8bit):4.867532557069715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:LkFygjIQYTRPpTYWpgKGUouAblpbTPW+0ZdE:Y/KGduAbl9+G
                                                                                                                                                                                                                                                                          MD5:C1C69B93ACAE1196F0DEA4EBC908941F
                                                                                                                                                                                                                                                                          SHA1:5B9AC0CDB23C04ED0FAFF44F2FBF4560289F8AAF
                                                                                                                                                                                                                                                                          SHA-256:23D4D3BFD80F24A668D8B53BDA208AEAA501E17E6273C2AF48D7B236481E4EFB
                                                                                                                                                                                                                                                                          SHA-512:D613CB2244E5414B8932CE443E81ACFF620F709BC2706AAA832D37DF3713913B69C7E5B68B58E3080BD4B363F9F3A36124C91385FC798FCF5E8518E7A7EFA3AD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.epicgames.com/id/api/i18n?ns=messages
                                                                                                                                                                                                                                                                          Preview:{"smartling":{"entity_escaping":"false"},"hi":"Hi","ok":"OK","yes":"Yes","no":"No","or":"or","orName":"Or","cancel":"Cancel","close":"Close","confirm":"Confirm","continue":"Continue","next":"Next","submit":"Submit","back":"Back","goBack":"Go Back","backToSignIn":"Back to sign in","allow":"Allow","accept":"Accept","deny":"Deny","skip":"Skip","skip.anyway":"Skip Anyway","to.agree":"Agree","decline":"Decline","agree":"I agree","disagree":"Disagree","show":"Show","hide":"Hide","showLess":"Show less","showMore":"Show more","logInNow":"Log in now","signIn":"Sign In","logIn":"Log In","startVerification":"Start Verification","awaitingVerification":"Awaiting Verification","choose.signIn":"Sign In","choose.signInUp":"Sign In or Sign Up","choose.orContinueWith":"or continue with","epic.signIn":"Sign in to your Epic Games Account","signUp":"Sign Up","choose.signUp":"Choose a Sign-Up Method","signInLater":"Sign In Later","childSignUp":"Child Sign Up","createAccount":"Create Account","activate":"Act
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4490)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15696
                                                                                                                                                                                                                                                                          Entropy (8bit):5.53720422098828
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:kBEhu582htJ02PzxIwk6jqPSZUXV4jqPSZq17i+PV0vvnXhFawn8zVt9cb6KS3/:kBmf2htJ1bxIwk6jqPSZUXV4jqPSZq15
                                                                                                                                                                                                                                                                          MD5:39E4DAD5F851BDD16999313F5509C819
                                                                                                                                                                                                                                                                          SHA1:AF68B7028EAE61C563517BE394B85B31ADAA1809
                                                                                                                                                                                                                                                                          SHA-256:966740F8D9BCC0330E72ADF6812BEC13FED90EFB03AE21EF698F47C6AA33BB58
                                                                                                                                                                                                                                                                          SHA-512:AC4B3491EB0B1C512E4AFDD9BD44ECAB9B4429D351C661BFEFB01E1346D6AB72095CF3C5F5EF2C695CADD7E2342F81A5163CD3826BF5E68A21336E28567308AE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/bHmuPlLj85H.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65198)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2366351
                                                                                                                                                                                                                                                                          Entropy (8bit):5.557571777690697
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:yDMKsX6q/3IKiYCQKV6Jea89Oqh5m1YCQKVJfZ617MAZkxJFa+8bra4U:DtquA+8nU
                                                                                                                                                                                                                                                                          MD5:303D79EB07409A5EA1A784793A9BF5C9
                                                                                                                                                                                                                                                                          SHA1:CF5AEA80F7D993EE6282A32CD43796AFF51FAC6A
                                                                                                                                                                                                                                                                          SHA-256:5F28F35ACC3D0862662AD07EB8C3B69C485406B953D44C3F9459C7910334126E
                                                                                                                                                                                                                                                                          SHA-512:B4614F8601379B1181C3B5AD40518040E7BE5194B69527904B87A982A7142DD074A7B974C82E25CD00BC4D0E0DE1441A32754C1C958BC769C54A6ED613CE6638
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.25c1fd71.chunk.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (15660), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15827
                                                                                                                                                                                                                                                                          Entropy (8bit):5.040599718428787
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+HZESGhgBaL79GTdyIqgYjg+qGUugxGCeA2M+Ij:kwgBaL79GTdyIqgYjg+qGUugxGCeA2MX
                                                                                                                                                                                                                                                                          MD5:711C15A9A49C28F601E370B37312066A
                                                                                                                                                                                                                                                                          SHA1:3B2CE1435E50F63EE6F27831B21014B5CCB82FEF
                                                                                                                                                                                                                                                                          SHA-256:FE51AAF4E9D2C855609E884EA09B61B3489A217F3D6E0A39C30492103DFB1354
                                                                                                                                                                                                                                                                          SHA-512:EA5D3CBA432FD035EB7AD419B716035A4754C1608EE611EE4A207838B1A486D52B3C890B209B4328B72679AC952852FF45C1749FEEC523241B881356A8472C52
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/shoppingcart_english-json.js?contenthash=c7457faeda1d6efa4214
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):4495
                                                                                                                                                                                                                                                                          Entropy (8bit):4.231793539683161
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:qLlbCe1CypE22uJuXplSlDrACAts8/yRlzUntwRntg1Zy7GbNB:QCgCym2hJuXuACEs8qRlzUtwRteZyCbj
                                                                                                                                                                                                                                                                          MD5:2ECD7878D26715C59A1462EA80D20C5B
                                                                                                                                                                                                                                                                          SHA1:2A0D2C2703EB290A814AF87EE09FEB9A56316489
                                                                                                                                                                                                                                                                          SHA-256:79A837D4EC921084E5CB0663372232B7B739A6AE5F981B00EB79EB3441043FC5
                                                                                                                                                                                                                                                                          SHA-512:222472C443ABA64839D4FA561A77541D913F43156083DA507380AC6889FDD237D9B5374E710092DD60B48A5B808CBA12749921C441144C5A429AB28D89D74FB0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/dust-helpers-supplement.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3405)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3628
                                                                                                                                                                                                                                                                          Entropy (8bit):5.146132900633519
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mWBBtlfQi9T9dXlpM0n6hwyB+8FhQJuyBQ3iCWh:9XQ4pMW6lhQJuyh
                                                                                                                                                                                                                                                                          MD5:6FFE1AE50EBFEF522B9E38F92624861E
                                                                                                                                                                                                                                                                          SHA1:3D11A829F6CD28D806A2154E2338216DCA4763D8
                                                                                                                                                                                                                                                                          SHA-256:F1E5D3837323A7C963C9725EE2C3A46A4FD5A7DBEC7647F68C8CB2CF4C51D50E
                                                                                                                                                                                                                                                                          SHA-512:F831E33C92A9B625D93119AA26E9B96BC62445331901050D69AF62505F6AAC8A0105CD2A9EE2D799338BB577318CF68C8CF97535EDF9242133F3B4D1E73235D4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.DashMenu~loader.SideNav~bundle.MultiAccount~bundle.Communities~ondemand.SettingsMonetization~bu.9a52b5ca.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2636), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):153425
                                                                                                                                                                                                                                                                          Entropy (8bit):5.338453754150566
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:D1lZAT60MhmjGFhxx25lnl9bsPdVcTzWMayN3qxViIomeFANNfsfM6kQuOEmTMqe:708xx25/9b6dVcr9qVij4rUEoe
                                                                                                                                                                                                                                                                          MD5:E038A2667EF2220E2B9E585BCDE8FEBB
                                                                                                                                                                                                                                                                          SHA1:843C4C9BBEBF5999EE330D480335E2936D608D17
                                                                                                                                                                                                                                                                          SHA-256:F17E6E857C0DF2EEC9EC021F0A24DBB0FC9680835EAD3EE019C8DA3EA72AEF6B
                                                                                                                                                                                                                                                                          SHA-512:5268FE455C7DFB33F6383785B0936E1EA37195F14570C8F73D9C92524A6C78242B4706F2EA2438327B130466F2C52E928008010CD31F1E755A7DB85BDD5A8AD7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=4DiiZn7yIg4r&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):38524
                                                                                                                                                                                                                                                                          Entropy (8bit):5.380933182606575
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:sI3zD+5oBVldt7oUMzTfWQU2I3jY6AUWvoo+xJR3Y7TVOJRCLdInzVQy3ke:LVlTUWEI3zWvoo+xJNY7hOhpQK
                                                                                                                                                                                                                                                                          MD5:7609CFFA24A53E65D4B74577DE272F4B
                                                                                                                                                                                                                                                                          SHA1:59543F04A0DCA6B1056D174AC44B821CE4FD6BB3
                                                                                                                                                                                                                                                                          SHA-256:2CE110DF6BA65C666F65D2090D9FC8A343811389AA458B4E76BA7C7C309E4D37
                                                                                                                                                                                                                                                                          SHA-512:B66B19DDE83E01D88FE76185D42EF4E7BBB5BDD92D1FF89E1B9420239288978A38CBB29263969867B7B0F075287D04DEB8F43E52B19AAE957FC6AA6B9BA0EC72
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCUo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEotM5KnP6eq1I-j0IjUz5JAQCU0Q/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3524), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):26929
                                                                                                                                                                                                                                                                          Entropy (8bit):5.357743538963489
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:LE2FmmHVbBdenA6LvASpqaRWVMJW+mag3KI8ivffVQjOIojIAerzeveWxF63KI8T:LE2FmmHVbBdenA6LvASpqaRWVMJW+maQ
                                                                                                                                                                                                                                                                          MD5:7B18DCACF852797417C91C1F9E893575
                                                                                                                                                                                                                                                                          SHA1:82D85D495E69BAD5C7A16E985BBBEFCAFD8C783A
                                                                                                                                                                                                                                                                          SHA-256:1EA4C0AC52EBA01606458F5A2D4A1B8328DCF18EBE2FC1B66F8DBD2AD9B4051E
                                                                                                                                                                                                                                                                          SHA-512:271A3CC7AE006CA3D5F3B541FC8EFC128E7821E3BA2B2D8C25938F3BDBDBEC1CDADAA61C870083F7154CF67E6C0BAC860B54078737CDBE6D898D20E0B489CAA0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.steampowered.com/login
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):102
                                                                                                                                                                                                                                                                          Entropy (8bit):4.844555459508597
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:JSbMqSL1cdXWKQKHNqFjKW6s1d2/4VgWaee:PLKdXNQKHNwjgE84VgL
                                                                                                                                                                                                                                                                          MD5:74A981E3AAAA1F7200E5F87B03883703
                                                                                                                                                                                                                                                                          SHA1:22CF9554C2D813A219B2982AE769695119AC1092
                                                                                                                                                                                                                                                                          SHA-256:55052D853A3F144505DC773EF237AC838AF312C0180FF293F7CF1A3847345EAB
                                                                                                                                                                                                                                                                          SHA-512:0E3190F7E3DE1B0127001342B33BCD3F23AD1BF113FEA94A97F9D4A59C9C6BFEEC61A5889BB69FB0D16BDED2656529DFFD69E48D4A4B32E436346772D7D8FBF2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.recaptcha.net/recaptcha/enterprise/webworker.js?hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu
                                                                                                                                                                                                                                                                          Preview:importScripts('https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js');
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):33754
                                                                                                                                                                                                                                                                          Entropy (8bit):5.2643196420250495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:1rv31+3R8zIF/3doix2R1pW81qWZRhcJfJnJN:FpP1vZRw
                                                                                                                                                                                                                                                                          MD5:3D42487E1B5C427ED66F2BE54948561B
                                                                                                                                                                                                                                                                          SHA1:450B970E36AEB1375844C48A412BE7CAF5D5C447
                                                                                                                                                                                                                                                                          SHA-256:60A5B96DD853A80363DE37AE72B72CEADA056CF781CD9DD2AC74869030D6F76D
                                                                                                                                                                                                                                                                          SHA-512:CCFA196D70DFF10E488AC4D0817836E54EA573EF6C59CC76A57E47988668C38EF43E1012C71A975D234D678D6EF667E895936E45ABDA8A74D0EBE45FDA8AC101
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
                                                                                                                                                                                                                                                                          Preview:.btn_green_white_innerfade {...border-radius: 2px;...border: none;...padding: 1px;...display: inline-block;...cursor: pointer;...text-decoration: none !important;...color: #D2E885 !important;........background: #a4d007;.....background: -webkit-linear-gradient( top, #a4d007 5%, #536904 95%);..background: linear-gradient( to bottom, #a4d007 5%, #536904 95%);..}......btn_green_white_innerfade > span {....border-radius: 2px;....display: block;...........background: #799905;.....background: -webkit-linear-gradient( top, #799905 5%, #536904 95%);..background: linear-gradient( to bottom, #799905 5%, #536904 95%);....}.....btn_green_white_innerfade:not(.btn_disabled):not(:disabled):not(.btn_active):not(.active):hover {...text-decoration: none !important;...color: #fff !important;........background: #b6d908;.....background: -webkit-linear-gradient( top, #b6d908 5%, #80a006 95%);..background: linear-gradient( to bottom, #b6d908 5%, #80a006 95%);..}......btn_green_white_innerfade:not(.btn_disable
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (56398), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):56398
                                                                                                                                                                                                                                                                          Entropy (8bit):5.907604034780877
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:+LUmmAWTe2uXYp8Mi+yKYlebyB5lxRx54PHSGdXXwW7MFWwXVuE2:4UcW6v+0B5chXwW49z2
                                                                                                                                                                                                                                                                          MD5:EB4BC511F79F7A1573B45F5775B3A99B
                                                                                                                                                                                                                                                                          SHA1:D910FB51AD7316AA54F055079374574698E74B35
                                                                                                                                                                                                                                                                          SHA-256:7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
                                                                                                                                                                                                                                                                          SHA-512:EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):38554
                                                                                                                                                                                                                                                                          Entropy (8bit):7.281917544628079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:PcaDYrV5KBau+3erpKn9jpe7z9mWAFjQcR4D9DQ0LKfjLh:PcsiV5Y+erc9T/H4f0jLh
                                                                                                                                                                                                                                                                          MD5:231913FDEBABCBE65F4B0052372BDE56
                                                                                                                                                                                                                                                                          SHA1:553909D080E4F210B64DC73292F3A111D5A0781F
                                                                                                                                                                                                                                                                          SHA-256:9F890A9DEBCDFCCC339149A7943BE9AFF9E4C9203C2FA37D5671A5B2C88503AD
                                                                                                                                                                                                                                                                          SHA-512:7B11B709968C5A52B9B60189FB534F5DF56912417243820E9D1C00C97F4BD6D0835F2CDF574D0C36ECB32DBBF5FC397324DF54F7FDF9E1B062B5DBDA2C02E919
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.steampowered.com/favicon.ico
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15344
                                                                                                                                                                                                                                                                          Entropy (8bit):7.984625225844861
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                                                                                                                                                                                                                                                          MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                                                                                                                                                                                                                                          SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                                                                                                                                                                                                                                          SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                                                                                                                                                                                                                                          SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1198
                                                                                                                                                                                                                                                                          Entropy (8bit):4.92536183669385
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:PzRCvsqk/AMvGGP5Zb0sgK1Z/O7+KU43IYxxqh3snFEPmZwifnmTNK43GNUSoG91:P9wM/tGGBZYsgKPU+KU43s3d+ZwifmTs
                                                                                                                                                                                                                                                                          MD5:B625A3DC02E4E9CBCD21AE7E50F331A3
                                                                                                                                                                                                                                                                          SHA1:E8A50FA6A995A8BEBEDCD190972644809EE2D089
                                                                                                                                                                                                                                                                          SHA-256:4A178734B54E5D15A488E5360123579D7F32AFAE93C18E751790DA8C8B3F8FF1
                                                                                                                                                                                                                                                                          SHA-512:F83810E9A023DBDAE40109B349AA37523A8F6AC7CA68C331E5923A1DF88DCBF593A3607A1EC7D5A4F05F509F4EE4ADDC28D1A869AA27B008D9CDD2CCF7E54241
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/app.js
                                                                                                                                                                                                                                                                          Preview:require(['nougat', 'backbone', 'router', 'widgets/analytics', 'underscore', 'opinionLabComponent'],...function (nougat, Backbone, Router, Analytics, _) {....'use strict';...var context, viewName, router;....// Turning Backbone into a pub/sub hub..._.extend(Backbone, Backbone.Events);....// Create instance of the App...var app = {.....initialize : function () {......// Analytics used for tracking links and errors.....Analytics.initialize();......// Grab data from the page context.....nougat.setContext($(document.body).data());......context = nougat.getContext();......viewName = context.viewName;......// Only instantiate the standalone CAPTCHA view but no other views because the Backbone router.....// will never be triggered because the URL in the browser window will not belong to the Auth.....// Challenge application......if (viewName === 'authcaptcha') {......var asyncAssets = [ "view/" + viewName ];.......require(asyncAssets, function (View) {.......if (typeof View === "function") {..
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5636)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5785
                                                                                                                                                                                                                                                                          Entropy (8bit):5.461847707196724
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:OP8pTz0bS+Ji801FEgjXCDuMzVLRZFOBmpBdIqxgK6NgKcjT:OPw02Exs1j8BFZF8mpBWdE
                                                                                                                                                                                                                                                                          MD5:96C0DCF6E31375184D49D3A74BB1BC07
                                                                                                                                                                                                                                                                          SHA1:ED0E922F8746C163A8A963CBBBF70D25BC11D0B6
                                                                                                                                                                                                                                                                          SHA-256:19A90D3BBD7CC71F1D2F909C30DA0334135FC82C695EC7F983AA15485A3F11FE
                                                                                                                                                                                                                                                                          SHA-512:DF4629E38076177D32518A0D8E1097C0147F2554FBDC990631CABE827EA777E1AC1A2A42BD48F30022784206F0DBDE16EA42733F9B35C5B3D00A984D4860FFCE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AppModules~bundle.Ocf.58d49faa.js
                                                                                                                                                                                                                                                                          Preview:"use strict";(self.webpackChunk_twitter_responsive_web=self.webpackChunk_twitter_responsive_web||[]).push([["shared~loader.AppModules~bundle.Ocf"],{750519:(e,t,n)=>{n.d(t,{QF:()=>o,Qo:()=>l,hZ:()=>i});var r=n(24058);const a="external_referer",s=604800;function i(e){return(0,r.ej)({cookieName:a,featureSwitches:e})}function o(e,t){const n=t&&t.encryptedReferralDetails||"",i=t&&t.encryptedReferer||"",o=t&&void 0!==t.referralType?`${t.referralType}`:"";if(!n&&!i&&!o)return;const l=`${encodeURIComponent(i)}|${o}|${encodeURIComponent(n)}`;(0,r.d8)(a,l,{cookieOptions:{maxAge:s,encode:e=>e},featureSwitches:e})}const l=e=>{const t=i(e);if(t&&t.split("|").length>1){const e=t.split("|");return{encryptedReferer:e[0],referralType:e[1],encryptedReferralDetails:e[2]}}}},658380:(e,t,n)=>{n.r(t),n.d(t,{ArkoseChallengeType:()=>S,ArkoseSecurityChallenge:()=>v,default:()=>_});n(906886);var r=n(202784),a=n(325686),s=n(973186),i=n(808443),o=n(206149),l=n(348501),c=n(90437),d=n(472599),u=n(470025),p=n(182385
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (25467)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):25508
                                                                                                                                                                                                                                                                          Entropy (8bit):5.094451586944145
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:HTP8X48LLyEoSsntg1YwDPc4PFNZdcF7a9OOpj6UkeUZrg+y/3Rjqz+jtkd6Pmzq:zP8Xymxke9R04uGmXmH
                                                                                                                                                                                                                                                                          MD5:6E28DEAE28590A7A63969BF00512782A
                                                                                                                                                                                                                                                                          SHA1:C12712D683FD15FDBBE373180CF0F7C7A5BCDB5E
                                                                                                                                                                                                                                                                          SHA-256:BE241A24CAFE282578F2C401F940531631D50F3D0432C43B7ADC76ECA67A8898
                                                                                                                                                                                                                                                                          SHA-512:340245FC821DB5227927161A946BFE834C5B9DB1C94DAD16DB81B2DB59C89ADFAC0648D15933A1A28F89010BC2C3D03D5B30899AAFC956E8A382088E92B756D5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/backbone-1.5.0.min.js
                                                                                                                                                                                                                                                                          Preview:(function(r){var n=typeof self=="object"&&self.self===self&&self||typeof global=="object"&&global.global===global&&global;if(typeof define==="function"&&define.amd){define(["underscore","jquery","exports"],function(t,e,i){n.Backbone=r(n,i,t,e)})}else if(typeof exports!=="undefined"){var t=require("underscore"),e;try{e=require("jquery")}catch(t){}r(n,exports,t,e)}else{n.Backbone=r(n,{},n._,n.jQuery||n.Zepto||n.ender||n.$)}})(function(t,h,x,e){var i=t.Backbone;var a=Array.prototype.slice;h.VERSION="1.5.0";h.$=e;h.noConflict=function(){t.Backbone=i;return this};h.emulateHTTP=false;h.emulateJSON=false;var r=h.Events={};var o=/\s+/;var l;var u=function(t,e,i,r,n){var s=0,a;if(i&&typeof i==="object"){if(r!==void 0&&"context"in n&&n.context===void 0)n.context=r;for(a=x.keys(i);s<a.length;s++){e=u(t,e,a[s],i[a[s]],n)}}else if(i&&o.test(i)){for(a=i.split(o);s<a.length;s++){e=t(e,a[s],r,n)}}else{e=t(e,i,r,n)}return e};r.on=function(t,e,i){this._events=u(n,this._events||{},t,e,{context:i,ctx:this
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):293429
                                                                                                                                                                                                                                                                          Entropy (8bit):5.083605252332618
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:pCLfh6nicf8Z5wPTdpM4mDoz1EsnFyyyHh3zOxPnS8kVLkIVfzYAK6k1PY:pfw4mDiTFyA6TVfMAKNZY
                                                                                                                                                                                                                                                                          MD5:CCD2CA0B9DDB09BD19848D61D1603288
                                                                                                                                                                                                                                                                          SHA1:7CB2A2148D29FDD47EAFAEEEE8D6163455AD44BE
                                                                                                                                                                                                                                                                          SHA-256:4D0AD40605C44992A4EEB4FC8A0C9BED4F58EFDB678424E929AFABCAAC576877
                                                                                                                                                                                                                                                                          SHA-512:E81F44F0BD032E48FEB330A4582D8E94059C5DE69C65CB73D28C9C9E088E6DB3DCB5664FF91487E2BBC9401E3F3BE21970F7108857AB7CED62DE881601277CDD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/jquery-1.12.4.js
                                                                                                                                                                                                                                                                          Preview:/*!. * jQuery JavaScript Library v1.12.4. * http://jquery.com/. *. * Includes Sizzle.js. * http://sizzlejs.com/. *. * Copyright jQuery Foundation and other contributors. * Released under the MIT license. * http://jquery.org/license. *. * Date: 2016-05-20T17:17Z. */..(function( global, factory ) {...if ( typeof module === "object" && typeof module.exports === "object" ) {...// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factory( w );....};..
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBlack4.015;Plau;MotivaSa
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):120816
                                                                                                                                                                                                                                                                          Entropy (8bit):6.070220522864693
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:IrEEEEEueapd0oej1yAHjU/gXG7mGSCfj9:IDpd0oejdQ/gXgfh
                                                                                                                                                                                                                                                                          MD5:4F7C668AE0988BF759B831769BFD0335
                                                                                                                                                                                                                                                                          SHA1:280A11E29D10BB78D6A5B4A1F512BF3C05836E34
                                                                                                                                                                                                                                                                          SHA-256:32D4C8DC451E11DB315D047306FEEA0376FBDC3A77C0AB8F5A8AB154164734D1
                                                                                                                                                                                                                                                                          SHA-512:AF959FE2A7D5F186BD79A6B1D02C69F058ECD52E60EBD0EFFA7F23B665A41500732FFA50A6E468A5253BB58644251586AE38EC53E21EAB9140F1CF5FD291F6A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (377), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):34674
                                                                                                                                                                                                                                                                          Entropy (8bit):5.421358067509858
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:ciJQBnCB/MaberYaWM5tWgFPQVGvKMpEFbW:cMQJu/Mabc4MZPPvKzk
                                                                                                                                                                                                                                                                          MD5:3F9FAFDC9C0CDDD25D6E4D046A8D42D3
                                                                                                                                                                                                                                                                          SHA1:E277FDA3655E94DDB80F03225EFA7EE8EBD6BB30
                                                                                                                                                                                                                                                                          SHA-256:A2ADAD654A0E37C791418E897592D6213B0CBEB73B35C1DE6CA82085C4E79CE9
                                                                                                                                                                                                                                                                          SHA-512:012D99F610FBA081390225909D3915361EE5638D71EE507B3D05EB71D05C1489EF1CDC0A39DA1D2D1ADACBDFAC2C279D96EBB47C72273CC2662E06E4378EEBFE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/javascript/crypto/jsbn.js
                                                                                                                                                                                                                                                                          Preview:..// Copyright (c) 2005 Tom Wu..// All Rights Reserved...// See "LICENSE" for details...../*.. * Copyright (c) 2003-2005 Tom Wu.. * All Rights Reserved... *.. * Permission is hereby granted, free of charge, to any person obtaining.. * a copy of this software and associated documentation files (the.. * "Software"), to deal in the Software without restriction, including.. * without limitation the rights to use, copy, modify, merge, publish,.. * distribute, sublicense, and/or sell copies of the Software, and to.. * permit persons to whom the Software is furnished to do so, subject to.. * the following conditions:.. *.. * The above copyright notice and this permission notice shall be.. * included in all copies or substantial portions of the Software... *.. * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, .. * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY .. * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. .. *.. * IN NO EVENT SHAL
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (647)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):514678
                                                                                                                                                                                                                                                                          Entropy (8bit):5.669850658889447
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:58+cCxHn6/Wk+Zx1raepBj8oQHOlkjc7n/NrfQjFw/hrPutvvQmkUtV6:5/bZk/ShQumirfqFw/MKmkUK
                                                                                                                                                                                                                                                                          MD5:37C6AF40DD48A63FCC1BE84EAAF44F05
                                                                                                                                                                                                                                                                          SHA1:1D708ACE806D9E78A21F2A5F89424372E249F718
                                                                                                                                                                                                                                                                          SHA-256:DAF20B4DBC2EE9CC700E99C7BE570105ECAF649D9C044ADB62A2098CF4662D24
                                                                                                                                                                                                                                                                          SHA-512:A159BF35FC7F6EFDBE911B2F24019DCA5907DB8CF9BA516BF18E3A228009055BCD9B26A3486823D56EACC391A3E0CC4AE917607BD95A3AD2F02676430DE03E07
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js
                                                                                                                                                                                                                                                                          Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. o
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1631)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):38524
                                                                                                                                                                                                                                                                          Entropy (8bit):5.380933182606575
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:sI3zD+5oBVldt7oUMzTfWQU2I3jY6AUWvoo+xJR3Y7TVOJRCLdInzVQy3ke:LVlTUWEI3zWvoo+xJNY7hOhpQK
                                                                                                                                                                                                                                                                          MD5:7609CFFA24A53E65D4B74577DE272F4B
                                                                                                                                                                                                                                                                          SHA1:59543F04A0DCA6B1056D174AC44B821CE4FD6BB3
                                                                                                                                                                                                                                                                          SHA-256:2CE110DF6BA65C666F65D2090D9FC8A343811389AA458B4E76BA7C7C309E4D37
                                                                                                                                                                                                                                                                          SHA-512:B66B19DDE83E01D88FE76185D42EF4E7BBB5BDD92D1FF89E1B9420239288978A38CBB29263969867B7B0F075287D04DEB8F43E52B19AAE957FC6AA6B9BA0EC72
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/ck=boq-identity.AccountsSignInUi.7fQcyxKRGI4.L.B1.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlESPRnh-JZZP_yCycaEkysrUryWfw/ee=ASJRFf:LANRae;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:BDnJmb;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:fqEYIb;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2482)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2705
                                                                                                                                                                                                                                                                          Entropy (8bit):5.445838346956854
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:iIWNftX+VOz1s22zhYFsTQtX+VOz1s2cqYFs0tX+VOz1s2IYFsZtX+VOz1s2AspD:aNftXtHeosMtXtHcqos0tXtHIosZtXtf
                                                                                                                                                                                                                                                                          MD5:43ABDA15EFEA3B9A9CCBF21F27696937
                                                                                                                                                                                                                                                                          SHA1:50012D4543D3ABA1F36272EEDBF3F6852505E734
                                                                                                                                                                                                                                                                          SHA-256:A4A6CA249EBC45C330B4904C229F7A6DA35E74C0100A1898BEE43E76E0C3EDA1
                                                                                                                                                                                                                                                                          SHA-512:99A0C6DB3638BB0C8C74D85B7134F00B8CB24876E6932204591C896CE3CEA4535EB001D126BA2C49806475C5E2F0941722E79FD46E564080A4B7E9446F21AB29
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AudioDock~loader.DMDrawer~bundle.ReaderMode~bundle.Articles~bundle.AudioSpaceDetail~bundle.Audi.b6b925fa.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (6634)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):7495
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4745511576675305
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ssxaUxHgdmsTBa6owjIDJZ/wq049Euscpl7s:NboJEz/wd49Euw
                                                                                                                                                                                                                                                                          MD5:B96C26DF3A59775A01D5378E1A4CDBFC
                                                                                                                                                                                                                                                                          SHA1:B3EC796DBEA78A8ED396CD010CBBD544C0B6F5F3
                                                                                                                                                                                                                                                                          SHA-256:8B43508ABA121C079651841E31C71ADC6DDECCA7CFBB0EE310498BF415D907B8
                                                                                                                                                                                                                                                                          SHA-512:C8C0166BA96A4BBD409275157647E9394FD086C860107F802793F3D2DD88762FD9C9B51852087812B8BFA7C5B468C10C62D44E09330DA39981648CAECCDB5567
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
                                                                                                                                                                                                                                                                          Preview:./*@preserve.***Version 1.64.1***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. !function(e){function n(n){for(var t,r,i=n[0],a=n[1],c=0,d=[];c<i.length;c++)r=i[c],o[r]&&d.push(o[r][0]),o[r]=0;for(t in a)Object.prototype.hasOwnProperty.call(a,t)&&(e[t]=a[t]);for(s&&s(n);d.length;)d.shift()()}var t={},o={5:0};func
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (8621)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):46529
                                                                                                                                                                                                                                                                          Entropy (8bit):5.412147117903216
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:V0kw0wSo3qi1ataFhhuYAArdPFvUDJjIy8Iim0sKymy8W2Cu20u6SMiNckECuvwN:rwSo3XItkuSBFgjIy8Iim0sKymy8W2CN
                                                                                                                                                                                                                                                                          MD5:820B48A7A44A8BF1CAA8771111F427C5
                                                                                                                                                                                                                                                                          SHA1:7F882C34526D106E4C96F2FC26DF37680D5420D5
                                                                                                                                                                                                                                                                          SHA-256:5710DB1646C528ED0E248697500DF70AAACBB2F99B0AC7F5E496D80405A6C2BD
                                                                                                                                                                                                                                                                          SHA-512:79B292E234EF459CF09256631051C248CC5A525B0280A566AB86EF042370E47FF8BAB94343FC13DE3921A3379EF70765B9E5BBA85FFDE95BB637611BD0C6FA76
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3ije04/yL/l/en_US/BorpLVK9bra.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):52
                                                                                                                                                                                                                                                                          Entropy (8bit):4.542000661265563
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yVkxzNDrMKcwVbF7KnZ:yVkxtkwVbF7KZ
                                                                                                                                                                                                                                                                          MD5:B3B89B9C275343BC6798E3A83564FDDB
                                                                                                                                                                                                                                                                          SHA1:32367475C527C3F5E5DB0BF42C348816FF4D157B
                                                                                                                                                                                                                                                                          SHA-256:900FB968F7FD9EA55F600AC9002A89E56AB56597DA7BDE04DEAAE6CC77AEB276
                                                                                                                                                                                                                                                                          SHA-512:ADB6938104E802B0936630B216CDE732F21ECA6E60E7A31D1B9C8FF52B5A66A712A7ECDE3F8ED4915D15C0A71C33A9788060E1E22999094C39020A1F8C636874
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                                                                                                                                                                                                                                          Preview:CiUKDQ0ZARP6GgQIVhgCIAEKCw3oIX6GGgQISxgCCgcN05ioBxoA
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansMedium4.015;Plau;MotivaS
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):124048
                                                                                                                                                                                                                                                                          Entropy (8bit):6.074024700633004
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:v4Kkq/szjKJRIDCnR96guXgECINo28BZZDhpkemOXaxq4jKea8GyFLaE0Af0ffL9:vf/fxn7ElXxE0wS0fj9
                                                                                                                                                                                                                                                                          MD5:2D64CAA5ECBF5E42CBB766CA4D85E90E
                                                                                                                                                                                                                                                                          SHA1:147420ABCEB4A7FD7E486DDDCFE68CDA7EBB3A18
                                                                                                                                                                                                                                                                          SHA-256:045B433F94502CFA873A39E72D616C73EC1B4C567B7EE0F847F442651683791F
                                                                                                                                                                                                                                                                          SHA-512:C96556EC57DAC504919E806C7DF536C4F86892B8525739289B2F2DBBF475DE883A4824069DBDD4BB1770DD484F321563A00892E6C79D48818A4B95406BF1AF96
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 27668, version 1.66
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):27668
                                                                                                                                                                                                                                                                          Entropy (8bit):7.993293695949505
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:768:6xFhDLaJVsyxJNOX0LJpxQDXxR0xlGBaNOfdHhSbCtK6xwwueMr:IZIVpOX0ljmXxR0DGQk2F62n5r
                                                                                                                                                                                                                                                                          MD5:4555758A9A1A19E87A66ECEAF00B1B23
                                                                                                                                                                                                                                                                          SHA1:155617F24B6AE17ECBAAB7E4093EBF3547680A5A
                                                                                                                                                                                                                                                                          SHA-256:A2497148F72E2839707D55316931A3C71B2B355D7BEC48CF672C026F4903DDFC
                                                                                                                                                                                                                                                                          SHA-512:942871D8BDA60182B516247D1C28E3D7A1FAEF6920BA6E11F0E0EDE65A600C8AEAB1B879E9D61B0DD3A7B363286E8A36338B83E9919DE22BAE5D386424D4BC7C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Regular.85a5d915.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):6071
                                                                                                                                                                                                                                                                          Entropy (8bit):4.961478576775147
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:CftkjQu0Q0LCY/TMqqMbFibpR1KO0PT4tWaZSxLakjbBWk/YVGi4inMypJeeYsfA:MoQzj7wyFmnw3EtWaZw+oMCYVlBflKGG
                                                                                                                                                                                                                                                                          MD5:812B50931C7ACB37DDFCF2D66CE4F6D9
                                                                                                                                                                                                                                                                          SHA1:616C276F6632BE2C9C4F60F8F06582FDE300F9A1
                                                                                                                                                                                                                                                                          SHA-256:8B132276A98B7A181026AE1C803C5E060D8FA7A4007BF88F185DC78B7E7B5106
                                                                                                                                                                                                                                                                          SHA-512:670A77C041A030AB54CD1740BA69E9FE4C0B1F9531C02F9D37DB6A304052E5F909ED22F771009FE6DA41F6E1046FC6B5A21628E1A2AB7E3BE7F3E2F6397B8CB9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/widgets/errorDisplay.js
                                                                                                                                                                                                                                                                          Preview:/**. * Created by hdoan on 5/8/14.. *. * This is used to hide and show the error associated with an input field.. * Used also to mark the container of the input field with a 'hasError' class so when the input has focus, the error container can be shown. * Used also to focus on the first input with an error when the form is invalid due to empty inputs. */.define(['jquery', 'validation', 'backbone'], function($, Validation, Backbone) {...'use strict';....var errorDisplay = {...../**.... * Shows the error container AND visual treatment associated with the input field.... *.... * @param {Object} param - could be an Event object or element.... */....showError: function(param) {.....var $targetElement,......$targetParent;......// If param is an event.....if (param.type === 'focusin') {......$targetElement = $(param.target);......// param is an element.....} else {......$targetElement = param;.....}.....$targetParent = $targetElement.parents('.textInput');......if ($targetParent.hasClass('has
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 96 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3737
                                                                                                                                                                                                                                                                          Entropy (8bit):7.906671945599965
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:OSDZ/I09Da01l+gmkyTt6Hk8nTqviwYZP2H51:OSDS0tKg9E05Tqviw6451
                                                                                                                                                                                                                                                                          MD5:1626F52ADDB7C56FE3679D82108C62E9
                                                                                                                                                                                                                                                                          SHA1:2B414092D66ECFF528950093A655F755C3C7F3B5
                                                                                                                                                                                                                                                                          SHA-256:AE9F6C61E25D15882BF57BDE193D10D375BD315C9741CABDA11D700FD1BB7DD1
                                                                                                                                                                                                                                                                          SHA-512:05548831477CC421556C404F3411F581E98A84FF2E699882CB4F5DCA17D1C5F77B55ED2B8211EEC32D0A4317BE1C4EBC636277F840262491B753415F6F198276
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2974
                                                                                                                                                                                                                                                                          Entropy (8bit):4.88985867449781
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ykrs/BqPgeFo5BwsbQwTIcACGWS29oXuseVzxdor2BFKH9zlnBJN4m:YkqBogKo8skwTIxCK2rsuLKH9JvNP
                                                                                                                                                                                                                                                                          MD5:01BC0C36F25B668C2461BD9AA72CBA12
                                                                                                                                                                                                                                                                          SHA1:36AA5EFC5A15AF82A9489BB1C34E0C538EE63659
                                                                                                                                                                                                                                                                          SHA-256:E991024988B4CD788022C6387E520882D74EDAC454F880738E5B267B50815404
                                                                                                                                                                                                                                                                          SHA-512:BF7D8020B63E424E744EE5E11FDB6E5B1AD898CF35248572F1D63A788D70FCF03D2CF833AB950D154AB44830511F12B58E0A1625DDE3188AC428FC49483F55C0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/widgets/validation.js
                                                                                                                                                                                                                                                                          Preview:/**. * Created by hdoan on 5/5/14.. *. * Validates form inputs. Will emit Backbone event if input is valid, invalid, or empty.. * The event naming convention is 'valid', 'invalid', or 'empty' followed by the name attribute of the field. *. * For example, if you are validating the email input, the three possible events are as follows:. * 1. 'validemail'. * 2. 'invalidemail'. * 3. 'emptyemail'. */.define(..[ 'jquery', 'backbone', 'underscore' ],...function($, Backbone, _) {...'use strict';....var validation = {.....init: function(view) {.....var elem = view.$el,......fields = elem.find('.validate');......if (fields.length !== 0) {.......// Find all fields with the 'validate' class and onblur add handler to validate......fields.each(function() {.......$(this).on('blur', function (field) {........validation.doValidation(field.target);.......});......});.....}....},...../**.... * Performs the validation.... *.... * @param {Object} target - event object.... */....doValidation: function(targe
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                                                                                          Entropy (8bit):5.20381739107802
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:ljyWyEc4yCH5GM2+01ghoGbUuRM3m1wh8/bcOQqJOSxsfQwCYklT:zXyC1xoGb1REgOS+fcT
                                                                                                                                                                                                                                                                          MD5:0E7047DEDA25A97B313D0FD4FC504C30
                                                                                                                                                                                                                                                                          SHA1:9B8AB7761CB2734EDEB49462BA8AFB9451F7F282
                                                                                                                                                                                                                                                                          SHA-256:20CB0F9E65748C0EEA506D93543C19D83F27203ED58FA30B1BCA72C6E23F1DCF
                                                                                                                                                                                                                                                                          SHA-512:8F9F6283E4285830641435434B5F32DEA5DBA94498BC0A193F1E3623C870D4EEF69338A71A460AB9256CABEF9779A0F58069C86CAA5DBA0BC3939C4C84294C97
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/PtmfxLVwAb7.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Preview:;/*FB_PKG_DELIM*/..__d("getContextualParent",["ge"],(function(a,b,c,d,e,f,g){function a(a,b){b===void 0&&(b=!1);var d=!1;a=a;do{if(a instanceof Element){var e=a.getAttribute("data-ownerid");if(e){a=c("ge")(e);d=!0;continue}}a=a.parentNode}while(b&&a&&!d);return a}g["default"]=a}),98);
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):44
                                                                                                                                                                                                                                                                          Entropy (8bit):4.544325652580697
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:hWikj2hkum0KthOU1:AikjDBr
                                                                                                                                                                                                                                                                          MD5:6D93FDB56B417B26D61378095110EA11
                                                                                                                                                                                                                                                                          SHA1:99C638B5D3CBB852EF664EFC7A1E8282F3997DE9
                                                                                                                                                                                                                                                                          SHA-256:D8F0F15132104CAEF0BADCF8657B9CFCC4237F59AC844DE47E297A2F48E43AD9
                                                                                                                                                                                                                                                                          SHA-512:6A735A16B22DC3152CB359D47C9E51B1117EA624B573F24B4694734F2F90CBFE7ECF5D3684DBCF9CB08FEC7873C5399AAF58C0174A5B60ED93E3D48F971ADF34
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwn2ZtV5zmIo5BIFDYPOwY0SBQ2S9RIrEhAJ48ci2S48zdQSBQ38LUur?alt=proto
                                                                                                                                                                                                                                                                          Preview:ChIKBw2DzsGNGgAKBw2S9RIrGgAKCQoHDfwtS6saAA==
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Algol 68 source, ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):22992
                                                                                                                                                                                                                                                                          Entropy (8bit):4.318444249541683
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:NjB0PZV5PnJmyymBJERLKDAo00s2kadv9nvMLVAavDAVmm6vi08Bf:pB0VVJmoERLC5xzkaT0imfmt081
                                                                                                                                                                                                                                                                          MD5:E2E8FE02355CC8E6F5BD0A4FD61EA1C3
                                                                                                                                                                                                                                                                          SHA1:B1853D31FB5B0B964B78A79EEF43DDC6BBB60BBA
                                                                                                                                                                                                                                                                          SHA-256:492177839CCABB9A90A35EB4B37E6280D204B8C5F4B3B627E1093AA9DA375326
                                                                                                                                                                                                                                                                          SHA-512:7B5FF6C56A0F3BBB3F0733C612B2F7C5BBB4CC98EF7F141A20C2524ED9F86CB934EFEA9F6F0FAEB2BEC25FCB76CF50775BC3D0B712EAAC442E811B304AB87980
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/lib/dust-helpers.js
                                                                                                                                                                                                                                                                          Preview:/*! dustjs-helpers - v1.5.0.* https://github.com/linkedin/dustjs-helpers.* Copyright (c) 2014 Aleksander Williams; Released under the MIT License */.(function(dust){.. // Use dust's built-in logging when available. var _log = dust.log ? function(msg, level) {. level = level || "INFO";. dust.log(msg, level);. } : function() {};. . var _deprecatedCache = {};. function _deprecated(target) {. if(_deprecatedCache[target]) { return; }. _log("Deprecation warning: " + target + " is deprecated and will be removed in a future version of dustjs-helpers", "WARN");. _log("For help and a deprecation timeline, see https://github.com/linkedin/dustjs-helpers/wiki/Deprecated-Features#" + target.replace(/\W+/g, ""), "WARN");. _deprecatedCache[target] = true;. }. . function isSelect(context) {. var value = context.current();. return typeof value === "object" && value.isSelect === true;. }. . // Utility method : toString() equivale
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3133
                                                                                                                                                                                                                                                                          Entropy (8bit):5.139941225383131
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:6jdrlNAcMAxvrhq2Pi0Bi8TiGMR0beb8Zp0rrQhrU90LSKjEmOOT8jc1dTZrhq22:OdrlTMAxvrhq2PZB+0SwZp0rh6LMc1pw
                                                                                                                                                                                                                                                                          MD5:BE3248D30C62F281EB6885A57D98A526
                                                                                                                                                                                                                                                                          SHA1:9F45C328C50C26D68341D33B16C7FE7A04FA7F26
                                                                                                                                                                                                                                                                          SHA-256:EE8D7EA50B87CF8151107330FF3F0FC610B96A77E7A1A0ED8FCE87CF51610F54
                                                                                                                                                                                                                                                                          SHA-512:413022A49030FF1F6BDF673C3496EFBBEC41F7C7B8591E46B4D7F580378D073E6435227485EA833EF02CCDFCA301F40EBD05C60CFFE9FB61C020BFA352D30D1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/opinionLab/opinionLabComponent.js
                                                                                                                                                                                                                                                                          Preview:define(['opinionLab', 'onlineOpinionPopup'], function(opinionLab, popup) {...'use strict';..window.PAYPAL = window.PAYPAL ? window.PAYPAL : {};..var opVars = window.PAYPAL.opinionLabVars;.../* Defines the referral URL - Verify */..function paypalURL (pagename) {...var paypalURL = 'https://'.......+ opVars.countryCode.......+ '.paypal.com/'.......+ opVars.languageCode.......+ '/00/'.......+ escape(pagename.replace(/\s|\//g, '_')).......+ '.page';...return paypalURL;..};...function assignSiteCatalystVars() {...if ( typeof opVars.isSiteRedirect !== 'undefined' && typeof opVars.isPaymentFlow !== 'undefined') {....if ( typeof s !== 'undefined') {.....if ( typeof s.pageName !== 'undefined') {......opVars.siteCatalystPageName = s.pageName;.....}.....if ( typeof s.prop7 !== 'undefined') {......opVars.siteCatalystC7 = s.prop7 == "none" ? "Unknown" : s.prop7;.....}.....if ( typeof s.prop5 !== 'undefined') {......opVars.siteCatalystAccountNumber = s.prop5;.....}....}....opinionLab.custom_var = up
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (511)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2051
                                                                                                                                                                                                                                                                          Entropy (8bit):5.245569770149611
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:x2npr4QxmTJsIxHPTNSxf0gzu590yKECxex3XZKE+:x44wmTJsYH7NGf0gKT0yKE2K3pJ+
                                                                                                                                                                                                                                                                          MD5:A94E7CD86F5824E27720F5D3C712DF9A
                                                                                                                                                                                                                                                                          SHA1:7BF52949685727D7133F452B432A57615E40978F
                                                                                                                                                                                                                                                                          SHA-256:59CE6BDF8E3D17BB68667499C34A3EC32B9F7836DBCA59D03237A4C9FFFEFD35
                                                                                                                                                                                                                                                                          SHA-512:726D7BB3C7D356453A10D590EE4806BDE864FC7E909BA8F03E194B1F1BAA0D65AE8FC89E9E393F2300ED3536969E7445AC39860E3BB0EA338EF19F4B51139B9F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js
                                                                                                                                                                                                                                                                          Preview:'use strict';/*.. Copyright (c) 2016 The Polymer Project Authors. All rights reserved.. This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt. The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt. The complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt. Code distributed by Google as part of the polymer project is also. subject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt.*/.(()=>{if(window.customElements){var h=window.HTMLElement,m=window.customElements.define,n=window.customElements.get,k=new Map,l=new Map,e=!1,f=!1;window.HTMLElement=function(){if(!e){var a=k.get(this.constructor);a=n.call(window.customElements,a);f=!0;return new a}e=!1};window.HTMLElement.prototype=h.prototype;window.HTMLElement.es5Shimmed=!0;Object.defineProperty(window,"customElements",{value:window.customElements,configurable:!0,writable:!0});Object.defineProperty(window.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):3824
                                                                                                                                                                                                                                                                          Entropy (8bit):5.294305074122082
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SjzdrlxC4UtzM43bHBxn0YEFYGHHoi8MM4nBJAodM4QMhTQYAbbchxnVcJ3ROH8O:wdrlEhLkLtviMBCbcnuAz0hIK5m6mKA
                                                                                                                                                                                                                                                                          MD5:6F1A28AC77F6C6F42D972D117BD2169A
                                                                                                                                                                                                                                                                          SHA1:6A02B0695794F40631A3F16DA33D4578A9CCF1DC
                                                                                                                                                                                                                                                                          SHA-256:3BFDB2200744D989CEAD47443B7720AFF9D032ABD9B412B141BD89BCD7619171
                                                                                                                                                                                                                                                                          SHA-512:70F8A714550CDCB7FCDBC3E8BAD372A679DF15382EEBF546B7E5B18CF4BA53EA74AB19BBA154F3FC177F92ED4245A243621927FCF91125911B06E39D58AF7144
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.paypalobjects.com/web/res/139/80c1f5bab27549ff63ea055638e94/js/opinionLab/onlineOpinionPopup.js
                                                                                                                                                                                                                                                                          Preview:/*. Spec #22956 OpinionLab. */..define(['opinionLab'], function(opinionLab) {...'use strict';..window.PAYPAL = window.PAYPAL ? window.PAYPAL : {};..var opVars = window.PAYPAL.opinionLabVars;...function showpopup(redirectTo) {...var mywin;...mywin = window.open('', '', 'top=3000,left=3000,width=1,height=1,menubar=0,scrollbars=0,resizeable=1');...if (mywin) {....mywin.document.open....var myURL = ""...../* This JS is customized for sparta because a JS call..... /* Comparing with corresponding XPT code - Removed the External opinionlab js from the popup content as it could not be loaded due to path issue */.....var HTML_txt = "<html><scr" + "ipt language='javascript'>";....HTML_txt = HTML_txt + "_hr='" + opinionLab._hr + "';";....HTML_txt = HTML_txt + "_ht='" + opinionLab._ht + "';";....HTML_txt = HTML_txt + "custom_var='" + opinionLab.custom_var + "';";.....if (( typeof opinionLab.baseurl == 'undefined')) {....} else {.....HTML_txt = HTML_txt + "baseurl='" + opinionLab.baseurl + "';";...
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (438)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1047
                                                                                                                                                                                                                                                                          Entropy (8bit):5.370947681400899
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:cyCHCL+sUh4zPEI9EWpcXPCwKc0lWrWOfhOrCglWrWOfhO8:YHTs34IWp6+3zf3r
                                                                                                                                                                                                                                                                          MD5:787BC054ADACE94E0BACCFE0525D84C1
                                                                                                                                                                                                                                                                          SHA1:D64A069FE8E62E7FEBEEB78F21AF5D45CFBC995E
                                                                                                                                                                                                                                                                          SHA-256:873EDBB1E4FEE287F44F1565D4C9DF82B727D59A398092E3D278D14DA203A372
                                                                                                                                                                                                                                                                          SHA-512:B1E3F8C36E178E6C788BD4F9319A041A430C332163B22E5A1D118AD3D8689A27A13F0FC98BAA27C25EECBF31F442C7B384CB830B899699F0CE849187FD88E0D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/GIlJjyzEguQ.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (10220)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):88426
                                                                                                                                                                                                                                                                          Entropy (8bit):5.426752026564998
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:R6+gtJGDpo36tlQzGdHaOMjQsd0ir53jQ49eWIYPNUVWZGEyF7WnzIPTydu3L6mP:R6htMD636tLdHaOMj0hDILscoJWG9Z
                                                                                                                                                                                                                                                                          MD5:225E330370FBF893D7FBBC6BB37068FE
                                                                                                                                                                                                                                                                          SHA1:BBCBBF904E8945EE51F075CB0EB47E6CB379171C
                                                                                                                                                                                                                                                                          SHA-256:2686CEEF4E67DBFCE28B6A5BBFD0FF87023FD4F3D6827C683CC3FC724ECD875C
                                                                                                                                                                                                                                                                          SHA-512:368AC9A9DDC7A4C2581F0A45CDCC8AA9055B7196EBD29F434E4672F9DAB9FC88E14BFEA735BF8CF372DEB5323867688EF20974F3DB517854C547E8F71B15EEE8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3i2jS4/yv/l/en_US/oXonUJoIHYG.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (24681), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):60745
                                                                                                                                                                                                                                                                          Entropy (8bit):5.236091153844875
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:AErpvhD+0KEApMyw+l/oOJz9WwymlgaUYCOlb+OeaLJIt:AEd5DuEhZSyuLJIt
                                                                                                                                                                                                                                                                          MD5:CF024D0C5ECF2573EEE9680324618463
                                                                                                                                                                                                                                                                          SHA1:7A20B64774D82AB253D165E73D2891E546300217
                                                                                                                                                                                                                                                                          SHA-256:0560F2B96D856CCBF3DED729403B529CE7AC740EB06F57739751AED3F99ED54C
                                                                                                                                                                                                                                                                          SHA-512:83D2E6432EEF13CB879111EFD7D385D469234CB1AD543374B1FD63ECF54E085388E86E5DB6518ED1475761EE52E8A75B563800950CD730A10F2003583DBAFA96
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/shared/javascript/login.js?v=zwJNDF7PJXPu&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):10863
                                                                                                                                                                                                                                                                          Entropy (8bit):7.893336023408476
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:5ARjfa23tAJsqmbZEyI3ImwTHVeVUzp7C+22Z6XikPFffq0BV0FIZLKePlOoYWn4:5AfaItAJsfElI3jVwUzpC+JqNfC0wFIM
                                                                                                                                                                                                                                                                          MD5:A4E79C73EE13CB25B60FC4B0BA1F690C
                                                                                                                                                                                                                                                                          SHA1:B690C31B2EB1B0EB085E91AAAE7E79F03DEBE7C1
                                                                                                                                                                                                                                                                          SHA-256:6CB869DF089146C12EFB5E9C968E911C314842624BA6F052A11346AC734CADC8
                                                                                                                                                                                                                                                                          SHA-512:AAD423119F410A655F0AA475D2FE692087D7262C3986CE71347981C5B60F6A10031D7050BF9B9AEE4E7D84D814F0B8883C964028FCBE14ED3464602F3BA6CEC3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (8621)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15495
                                                                                                                                                                                                                                                                          Entropy (8bit):5.318871144455677
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:QIim0sKymy8W2Cu20u6ZgMiWWIRBz/qUBCuvw4Im+gSU8qH:QIim0sKymy8W2Cu20u6SMiNckECuvw4N
                                                                                                                                                                                                                                                                          MD5:B05893251BC2DAD671E9B2EE422E62E3
                                                                                                                                                                                                                                                                          SHA1:37DDE51EE6B9C395D1B691A7B5229CBDD7D56A37
                                                                                                                                                                                                                                                                          SHA-256:3AD9956095340BB1C1689EB7F5868FEB2E18D5C5C155FB3349F188C2CEEA7AE4
                                                                                                                                                                                                                                                                          SHA-512:BB2BEE58DDAE3A69EA1A34B3E459016DD699034BA6F7FE1FAD9597FCE4CAC3AA38FA9E1BBFB2A6D6E3E0FA373D846C9665225E4F4EE85BE4A6E7D5EB6D741EFA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):136131
                                                                                                                                                                                                                                                                          Entropy (8bit):5.310312873824174
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:LZuIBobvWngB3xfemTMFPKEEwt/1TJO0MMx4TEZ5jpYwr0svwWVjg9WQ:LNNFPKEE6AfMlZ5jWs0svwWVjg9b
                                                                                                                                                                                                                                                                          MD5:EE9855C647756A4B8377A5F755A468A2
                                                                                                                                                                                                                                                                          SHA1:59352C76AA273D9C49C7D48541BC45F82BD6CC87
                                                                                                                                                                                                                                                                          SHA-256:FF548512B3096AE8062B4ECB74691941B0689AE162F94EE086EB0ED9727E1F55
                                                                                                                                                                                                                                                                          SHA-512:ACA0C683979CE67311997CA2D40D6AF9FC44E75C7A263698DD75C4B30405CA9F000775BEA9964B099A3A0C9856ECC56E859AF9CD793F9CB5E31EA4F6D88D2C6B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/css/v6/store.css?v=KuXmCvOI_3Nk&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (381), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):87999
                                                                                                                                                                                                                                                                          Entropy (8bit):5.29283315615
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:qOpYuxcehc6Ac/Ere3z5N/a8axkLM2EVshJQIxrMKvPQDsPsdCkCatn0noz4:3YjgBMDsoozz
                                                                                                                                                                                                                                                                          MD5:0F4E868A436186D91CB264FE76D8FC4A
                                                                                                                                                                                                                                                                          SHA1:CDCD8C3D78147DC90BD43DCC14DD8CEFFBC0824D
                                                                                                                                                                                                                                                                          SHA-256:A63AF36F69AFC592DEDF33529B7072FA2A1689F6FA862CE0779795C60D5BA352
                                                                                                                                                                                                                                                                          SHA-512:AEB79C9BE6F66E35F1E0FC09DA13D1E1BEB53E5B8F4F0776CB6D7FA55BA953A12BB19E4D47963D519F0979AFB38B0BF2259F9AA4BB1B825050BE34D72CD96E06
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/main.js?v=D06GikNhhtkc&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1603)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2753
                                                                                                                                                                                                                                                                          Entropy (8bit):5.358611882556739
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:DySXPpQxpNpm1TsPSnryYmloBclIfQJoCj/f/GHS6Cdy/HHyGIHZ:Hb1TSorkUQSW/nsCqpIHZ
                                                                                                                                                                                                                                                                          MD5:882390F7760FC360A9A3F9883F1CA7C5
                                                                                                                                                                                                                                                                          SHA1:787436E040FEB5ABA36EEF6D798E745885A9B04C
                                                                                                                                                                                                                                                                          SHA-256:D08EF1497DB04A3A04204E5E95910714944E397D8EAF4CC96831AC9399E7254E
                                                                                                                                                                                                                                                                          SHA-512:E4C1F29B0855E64474E065FC054235A0A4C4B63ADF8BED8361CB240002B166436063FBACD482F81C00207C9890D83451B17FE0CBB737291CC8ABE6139ED922C4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/yKDL4VRFtnd.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1984)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):6499
                                                                                                                                                                                                                                                                          Entropy (8bit):5.238081596406851
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:7AbG7AKxAoAmAkAJkAuBeRALxAHD41Y06E7ocnWra2vsmovSDWiFkUmwqNMJjK+/:MbGMN3db5CeSLxxS5mwgWcaq1Gi72
                                                                                                                                                                                                                                                                          MD5:F06AC7F88877ED1909CD7CC11374A88D
                                                                                                                                                                                                                                                                          SHA1:ADE237B9EF2A2646BDE5F74BE417C78580CA9ABF
                                                                                                                                                                                                                                                                          SHA-256:960D9FFF6E8E52CB5BA8F230904D99623B0B92B36F2ABB37629DAB1FD14D3706
                                                                                                                                                                                                                                                                          SHA-512:F82D1401C415605E804507F297192D98DA697CB8526585AE9554553653E35C846A3539AB31E37A93E98ECFB469862A96563D859697698C3BB50DC6F6F4E616D5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/Lzd-U--zeLf.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3004)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):219321
                                                                                                                                                                                                                                                                          Entropy (8bit):5.458246897095534
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:gIU1gpo2CUIa6/TlMDOtxjuj6WXVB4iP1oFQ6q:gIUipCU7gTG1Bh1uI
                                                                                                                                                                                                                                                                          MD5:6E83EB8FBB6A4F0B8F31564F50C64B18
                                                                                                                                                                                                                                                                          SHA1:6883B22EF5FA9CE6C3AAA4BB3CB1A2E7E7A47BFA
                                                                                                                                                                                                                                                                          SHA-256:7A0FF46AB40684EE9C354325A5D615624F95DE1AB77D1D52657198BBD63EC405
                                                                                                                                                                                                                                                                          SHA-512:3BF02210ABACFD55803F7D36BADC2BE29681A01B16F1312B51B5CAE051A89F880504CE1530A7ADD9BEBE3156A46D0C1A04FFF124635E0069184B98046E50C138
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.nOJ7WSKZu4M.es5.O/am=P8BCEo4FQIyZ5Zy_Z5wcBgAAAAAAAAAAWAPYAQ/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGkhXcT7V5ecQz4-OJohhQZUSpX5A/m=_b,_tp"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (10016)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):46791
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3874439236494815
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:N8Wly3cOPWnysvxaWVv/WXUXd/HZbxJg1BFxvSdxlCdn5PRAS3mjkn:N8Wly3cO8vauH3pHcn5pAS3mjkn
                                                                                                                                                                                                                                                                          MD5:57866721FC345BA9D8FC46172B03914F
                                                                                                                                                                                                                                                                          SHA1:48917F9373F20676ECF6683265149296B84A4270
                                                                                                                                                                                                                                                                          SHA-256:CB6B7B810A9EEA8BF6093A94382F6AF73DE4517A77236CA47518D6D14947A5ED
                                                                                                                                                                                                                                                                          SHA-512:4E658953242DCA75F0793CDB27E723C7659CCC8B31F46E004F680174BADAD41F03A94857EAB929BCA9FBBCF9BC31E1150B08FB2B019F5A539C748E478045B2D3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/y8/l/en_US/Ch_YChJCKQS.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (29578), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):129285
                                                                                                                                                                                                                                                                          Entropy (8bit):5.582957761185715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:9EJeWhyN5aauUzwX31DXkKZBYjB2nkyqglze5oHsvLNb5O:NzEZg27Fsv1I
                                                                                                                                                                                                                                                                          MD5:EF36695BDC1836BB1652204D75DA4FB3
                                                                                                                                                                                                                                                                          SHA1:E23A294AEBAD515AB8F582E76DBC8E20FD40CA83
                                                                                                                                                                                                                                                                          SHA-256:278703177F507B58AAA357AE939BB557DD2D4E8ECFFB28F8B988C99DAB153C19
                                                                                                                                                                                                                                                                          SHA-512:1A8F35C5F50EB801974C2FBEBAA2F6EB54DAFF6CF67D103C12A824097D5594AE7879A8AAF9C86EBD5E740D618DB7C48A1732E0D7F25E297DD32BC51D123EF831
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=7zZpW9wYNrsW&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65371), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1244214
                                                                                                                                                                                                                                                                          Entropy (8bit):5.341630432691725
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:4LqVfUTXvn7oOO4HdoWH6NEjHfoP7C3JdSF2V:4LqVwnMOFHzoEV
                                                                                                                                                                                                                                                                          MD5:BC90A43EF3639F9B00952BC557CD81DE
                                                                                                                                                                                                                                                                          SHA1:66368128CA70BFF688FD4647D22B09553AEFFEB0
                                                                                                                                                                                                                                                                          SHA-256:E42C0B9645183EF08B1601DC0CB5F49E2C8B0EB1EE85B4FC8D20AFF612064ACE
                                                                                                                                                                                                                                                                          SHA-512:EDE461F5B62E9BC78AA31DE55C274E97556489D1020DC8817E73A5CF6A7B27E3273248BE8A07516AB3CB52B36FB15FCF5C11E25C768DA79C980DE2C7EE3C7606
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://store.akamai.steamstatic.com/public/javascript/applications/store/libraries~b28b7af69.js?v=vJCkPvNjn5sA&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):2228
                                                                                                                                                                                                                                                                          Entropy (8bit):7.82817506159911
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                                                                                                                                                                                                                                                          MD5:EF9941290C50CD3866E2BA6B793F010D
                                                                                                                                                                                                                                                                          SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                                                                                                                                                                                                                                          SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                                                                                                                                                                                                                                          SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 15552, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15552
                                                                                                                                                                                                                                                                          Entropy (8bit):7.983966851275127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:HDKhlQ8AGL0dgUoEGBQTc7r6QYMkyr/iobA2E4/jKcJZI7lhzi:jslQ+LhUoTB0Qr6Qjkg/DmcJufzi
                                                                                                                                                                                                                                                                          MD5:285467176F7FE6BB6A9C6873B3DAD2CC
                                                                                                                                                                                                                                                                          SHA1:EA04E4FF5142DDD69307C183DEF721A160E0A64E
                                                                                                                                                                                                                                                                          SHA-256:5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
                                                                                                                                                                                                                                                                          SHA-512:5F9BB763406EA8CE978EC675BD51A0263E9547021EA71188DBD62F0212EB00C1421B750D3B94550B50425BEBFF5F881C41299F6A33BBFA12FB1FF18C12BC7FF1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (7609)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):7700
                                                                                                                                                                                                                                                                          Entropy (8bit):5.539239524010296
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:qdsF1GWS7WTaxHX4t7il/thCEZk0KFC8Ur76Wr7kwfY/XHgIlkSe:hUfx34li9thfKFC846cY/XHgH
                                                                                                                                                                                                                                                                          MD5:CFAF2BD836879D676929611319580F4B
                                                                                                                                                                                                                                                                          SHA1:5994CB4B2F482E3377081EA4C3A9AD306F0E7936
                                                                                                                                                                                                                                                                          SHA-256:2EF97C7AEFD93C6B6C3641F45E4ABD970BBF6651848671D31571B55C17E4A2AC
                                                                                                                                                                                                                                                                          SHA-512:715171441D13A097F05D9D86BFE767449FA6CF08FB89FC5535E6D54E0511C6E00492CEB7FD7C617512B1A7057AF27B68A569B2228F9329CCA4E56C1BBD2F6DE2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3/yW/r/IohmRQ2b689.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1210)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):78646
                                                                                                                                                                                                                                                                          Entropy (8bit):5.412136972940148
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:w/Q5Up0BWTFRcxRpIoMwetxBJ9YDf4YRPlF/hyqqR4Qj2W:87mM1OxAx
                                                                                                                                                                                                                                                                          MD5:908E3A26A43D87BAC9396377A9C4B6A8
                                                                                                                                                                                                                                                                          SHA1:B9DDB61F1D0A4ED930881B909D3A4B01B2E62C7A
                                                                                                                                                                                                                                                                          SHA-256:417FD55B390293D45901B37398ACFC8C3B4FEDE6A395F541C2EE48F732990D61
                                                                                                                                                                                                                                                                          SHA-512:4FD58BA30456F96A8704412123BCA4C4A48E976E28BAEADED37232FA7A3C4C3FBAA6B79988DC7190D569D1B6024FB0C2F3EAD621A3E2D280C024D7EEC01011B6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.youtube.com/s/desktop/7197d3dc/jsbin/webcomponents-sd.vflset/webcomponents-sd.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):15344
                                                                                                                                                                                                                                                                          Entropy (8bit):7.984625225844861
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                                                                                                                                                                                                                                                          MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                                                                                                                                                                                                                                          SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                                                                                                                                                                                                                                          SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                                                                                                                                                                                                                                          SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):32
                                                                                                                                                                                                                                                                          Entropy (8bit):4.476409765557392
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:H0hCkuWthHeTn:UUkuqxeT
                                                                                                                                                                                                                                                                          MD5:A3144EE887752BC84252FAACD4DFFD83
                                                                                                                                                                                                                                                                          SHA1:172430F70BAEDA54BB9F533293E0E80A2DA5835D
                                                                                                                                                                                                                                                                          SHA-256:8B87CFF79D0F8142D02D4A5991C83A5D59A7733BCB0EBEDD0DE57E559C6EAEFB
                                                                                                                                                                                                                                                                          SHA-512:E366210709098991B8B21140DF48E50CD650E115A30A8A5EEC016B98B077C6DA3FEE972BA219409AD72E85BF575A033E1E9AAC7931B727E4BA15644AAC5349D3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAko6ufIqp3JChIFDVNaR8USEAl_Jiy42EDGqRIFDVNaR8U=?alt=proto
                                                                                                                                                                                                                                                                          Preview:CgkKBw1TWkfFGgAKCQoHDVNaR8UaAA==
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (629), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):12764
                                                                                                                                                                                                                                                                          Entropy (8bit):5.535964868199459
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:CDfFvVcXIeIHPgkg1RfipJc8dIG4ZLqE8ks18bUlV5o4LYLzsuSd:CDfFvVcXIeIHPgkqRfkc8dIG4ZLqRksB
                                                                                                                                                                                                                                                                          MD5:345A026B83A403145BA4BC5E12256354
                                                                                                                                                                                                                                                                          SHA1:CD76023C54C8E6DEC853441088C388CA6A0BDECD
                                                                                                                                                                                                                                                                          SHA-256:7585F3131AB2EBF7FD36A5A239F4B1089F9A70869099CB0F073C605941ACE3FC
                                                                                                                                                                                                                                                                          SHA-512:8FF5B82F6C3465DC4A311EDEC535E3F4D384CD65BEBBD70E72CCDBD6632D3121386B25A2411FA6AD5E496AB2DED5A18155108E46532169E6FACE4F70BE829D51
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1825)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1983
                                                                                                                                                                                                                                                                          Entropy (8bit):5.342609235999774
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:iIc2PdUyRjWRerKZ3kwFbGzC7YlqU+05Mg5ct4EYWmj:A2FUCjHKZ39hGzC7YP5GYt
                                                                                                                                                                                                                                                                          MD5:B5A6092B2B71C8C2C2AD4FE3BFF096F1
                                                                                                                                                                                                                                                                          SHA1:FA5913066CFED75AF6CC9D4A77E1D099D60C8482
                                                                                                                                                                                                                                                                          SHA-256:2F6AA3A53B28FCA8EACF9E3D23DCC477C7179ADB21EC4AAE8ADE96D2E18D9380
                                                                                                                                                                                                                                                                          SHA-512:326AE50ABAEF1D6C9EDC82DB3C3398A6993F5D58E548339410AE5477B5FA7CD55EFE66B9111D751FE00B1970A22081A4371356F29802EC2EDE2CDDD630D25722
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://abs.twimg.com/responsive-web/client-web/shared~loader.AppModules~bundle.Conversation.9e85395a.js
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 1, 1-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):95
                                                                                                                                                                                                                                                                          Entropy (8bit):4.381705050636977
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlE+kSI+Dtmy/Y+sR3sdsXxqtQAltjp:6v/lhPfkCDtmywFWsXxWVXjp
                                                                                                                                                                                                                                                                          MD5:39C11D656220EFD52F4965400D14900A
                                                                                                                                                                                                                                                                          SHA1:327050099CEE8D1AD81E7BFBE5CA2EA057780A87
                                                                                                                                                                                                                                                                          SHA-256:C0F9968D0FA5F4DEFF86BABCCD6DF52306138314607A6F3F0ACD2E7AFC783D1C
                                                                                                                                                                                                                                                                          SHA-512:B64595AD189620EA7A10715B0F84C30134CAA4BAB0F7FBA8E53438577BD33310939F2B4FACCC4D7152A3B279B641436E84211DB06FA9DB50FC0E9A1E83760B63
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png
                                                                                                                                                                                                                                                                          Preview:.PNG........IHDR.............%.V.....PLTE....z=.....tRNS..31x....IDAT..c`........5.....IEND.B`.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5291)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):191191
                                                                                                                                                                                                                                                                          Entropy (8bit):5.416781168794622
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:1DFiYmkf05rDm3HXOlNSLjHEp2uU1UMqOH8CMyY+bvnnDBPL9S7WJrebpXjIXR2c:1DFiDG33ZLjkpsUMEyNnnTS7WJSI
                                                                                                                                                                                                                                                                          MD5:4C414EAB0D8078E607A5E8D86C26F360
                                                                                                                                                                                                                                                                          SHA1:449AF013DE068D2365C3D4795F9F9AC228761CAE
                                                                                                                                                                                                                                                                          SHA-256:3C5E7D8D5C57E83E68377A9DDD41AC08A81B1D9B0127691EDD8F26477E47F043
                                                                                                                                                                                                                                                                          SHA-512:628E717BD4662AF48F39EA70B28F285925CBD9413D41828E3BB0F729DE0E912415B7BCCFAA71EA6E3472B5C4579C1FD28F8306AA3F6DD07865C761FA003DA762
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://static.cdninstagram.com/rsrc.php/v3iDrf4/y5/l/en_US/o_JvJBlABI7.js?_nc_x=Ij3Wp8lg5Kz
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):6.651826632483482
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                          File name:SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          File size:1'509'376 bytes
                                                                                                                                                                                                                                                                          MD5:2f2acbfb946b202fe77660b2a735a197
                                                                                                                                                                                                                                                                          SHA1:fd4738c226bf7672880144aad0135576ad3c1fa4
                                                                                                                                                                                                                                                                          SHA256:2eb564562fc5d4d4ab4efca29e542ba64da9b04a58b7c6a39ace4e53ad12273a
                                                                                                                                                                                                                                                                          SHA512:05a943ddb4a808eee6f05ec091eb9e751602dbc2c7b8b8b27cfdf00274002434aa2718246ca77f6932059ad597de51b422f06717c343d4f9aaab9e4d0d44640f
                                                                                                                                                                                                                                                                          SSDEEP:24576:nUalkVcJGB7FyCTEaYtT9SfVK5Y3IexDzSf3Z8MQQvTICTNiTPUXl7TP8o1Cl8:nyWJG7yUVYtT8RSPKqvTVTUs9TP8o1Cm
                                                                                                                                                                                                                                                                          TLSH:A9659E627292D079D1C113F1257D6FE1C2EC6E719BA284CBB3C01E3AA5B11D2B539E1B
                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......C...............L.......L.......L.......H.G.....H.......H.......H...R...L.......L.......L.........................E.......-....
                                                                                                                                                                                                                                                                          Icon Hash:1432b292d6381803
                                                                                                                                                                                                                                                                          Entrypoint:0x4fb48b
                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                          Time Stamp:0x65996737 [Sat Jan 6 14:44:07 2024 UTC]
                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                          Import Hash:96fa9927288c4f8325d3528d85326fb2
                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                          call 00007FBE6D163FC7h
                                                                                                                                                                                                                                                                          jmp 00007FBE6D16378Fh
                                                                                                                                                                                                                                                                          cmp ecx, dword ptr [0055A048h]
                                                                                                                                                                                                                                                                          jne 00007FBE6D163913h
                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                          jmp 00007FBE6D1640E7h
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                          and dword ptr [0055C328h], 00000000h
                                                                                                                                                                                                                                                                          sub esp, 24h
                                                                                                                                                                                                                                                                          or dword ptr [0055A050h], 01h
                                                                                                                                                                                                                                                                          push 0000000Ah
                                                                                                                                                                                                                                                                          call dword ptr [0052E0E0h]
                                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                                          je 00007FBE6D163AC2h
                                                                                                                                                                                                                                                                          and dword ptr [ebp-10h], 00000000h
                                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                                                                                                          lea edi, dword ptr [ebp-24h]
                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                          cpuid
                                                                                                                                                                                                                                                                          mov esi, ebx
                                                                                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                                                                                          nop
                                                                                                                                                                                                                                                                          mov dword ptr [edi], eax
                                                                                                                                                                                                                                                                          mov dword ptr [edi+04h], esi
                                                                                                                                                                                                                                                                          mov dword ptr [edi+08h], ecx
                                                                                                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                                                                                                          mov dword ptr [edi+0Ch], edx
                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-24h]
                                                                                                                                                                                                                                                                          mov edi, dword ptr [ebp-20h]
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-0Ch], eax
                                                                                                                                                                                                                                                                          xor edi, 756E6547h
                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-18h]
                                                                                                                                                                                                                                                                          xor eax, 49656E69h
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-1Ch]
                                                                                                                                                                                                                                                                          xor eax, 6C65746Eh
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                                          inc eax
                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                          cpuid
                                                                                                                                                                                                                                                                          mov esi, ebx
                                                                                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                                                                                          nop
                                                                                                                                                                                                                                                                          lea ebx, dword ptr [ebp-24h]
                                                                                                                                                                                                                                                                          mov dword ptr [ebx], eax
                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                                                          or eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                                                          or eax, edi
                                                                                                                                                                                                                                                                          mov dword ptr [ebx+04h], esi
                                                                                                                                                                                                                                                                          mov dword ptr [ebx+08h], ecx
                                                                                                                                                                                                                                                                          mov dword ptr [ebx+0Ch], edx
                                                                                                                                                                                                                                                                          jne 00007FBE6D163955h
                                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-24h]
                                                                                                                                                                                                                                                                          and eax, 0FFF3FF0h
                                                                                                                                                                                                                                                                          cmp eax, 000106C0h
                                                                                                                                                                                                                                                                          je 00007FBE6D163935h
                                                                                                                                                                                                                                                                          cmp eax, 00020660h
                                                                                                                                                                                                                                                                          je 00007FBE6D16392Eh
                                                                                                                                                                                                                                                                          cmp eax, 00020670h
                                                                                                                                                                                                                                                                          je 00007FBE6D163927h
                                                                                                                                                                                                                                                                          cmp eax, 00030650h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1582c4 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15e000 | 0xb828 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16a000 | 0xa934 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x14a2a8 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x14a1e8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12e000 | 0x38c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x12c6e8 | 0x12c800 | False | 0.4721947795341098 | data | 6.620456398727848 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12e000 | 0x2b71e | 0x2b800 | False | 0.48376885775862066 | data | 5.779626149583225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x15a000 | 0x36e0 | 0x2000 | False | 0.211181640625 | DOS executable (block device driver) | 3.501195646169005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x15e000 | 0xb828 | 0xba00 | False | 0.21940104166666666 | data | 4.161254786916944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x16a000 | 0xa934 | 0xaa00 | False | 0.6230928308823529 | data | 6.6329469459556964 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x15e468 | 0xb228 | Device independent bitmap graphic, 86 x 256 x 32, image size 44032, resolution 11811 x 11811 px/m | Russian | Russia | 0.21213383616909315
RT_GROUP_ICON | 0x169690 | 0x14 | data | Russian | Russia | 1.15
RT_VERSION | 0x15e130 | 0x338 | data | Russian | Russia | 0.46116504854368934
RT_MANIFEST | 0x1696a8 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

DLL | Import
KERNEL32.dll | GetVolumeInformationA, WaitForSingleObject, LocalAlloc, GetCurrentThreadId, GetModuleHandleA, GetLocaleInfoA, OpenProcess, CreateToolhelp32Snapshot, MultiByteToWideChar, Sleep, GetTempPathA, GetModuleHandleExA, GetTimeZoneInformation, GetTickCount64, CopyFileA, GetLastError, GetFileAttributesA, TzSpecificLocalTimeToSystemTime, CreateFileA, SetEvent, TerminateThread, LoadLibraryA, GetVersionExA, DeleteFileA, Process32Next, CloseHandle, GetSystemInfo, CreateThread, ResetEvent, GetWindowsDirectoryA, HeapAlloc, SetFileAttributesA, GetLocalTime, GetProcAddress, VirtualAllocEx, LocalFree, IsProcessorFeaturePresent, GetFileSize, RemoveDirectoryA, ReadProcessMemory, GetCurrentProcessId, GetProcessHeap, GlobalMemoryStatusEx, FreeLibrary, WideCharToMultiByte, CreateRemoteThread, CreateDirectoryA, GetSystemTime, CreateMutexA, CreateEventA, GetPrivateProfileStringA, IsWow64Process, IsDebuggerPresent, VirtualQueryEx, GetComputerNameA, SetUnhandledExceptionFilter, GetUserDefaultLocaleName, lstrcpynA, SetFilePointer, CreateFileW, AreFileApisANSI, EnterCriticalSection, GetFullPathNameW, GetDiskFreeSpaceW, LockFile, LeaveCriticalSection, InitializeCriticalSection, GetFullPathNameA, SetEndOfFile, GetTempPathW, GetFileAttributesW, FormatMessageW, GetDiskFreeSpaceA, DeleteFileW, UnlockFile, LockFileEx, DeleteCriticalSection, GetSystemTimeAsFileTime, FormatMessageA, QueryPerformanceCounter, GetTickCount, FlushFileBuffers, HeapSize, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, SetStdHandle, HeapReAlloc, FindClose, lstrlenA, InitializeCriticalSectionEx, FindNextFileA, TerminateProcess, OutputDebugStringA, WriteFile, GetCurrentProcess, HeapFree, FindFirstFileA, WriteProcessMemory, Process32First, GetPrivateProfileSectionNamesA, GetModuleFileNameA, WriteConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, GetFileSizeEx, GetConsoleOutputCP, ReadConsoleW, GetConsoleMode, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, GetFileType, SetFilePointerEx, LoadLibraryExW, ReadFile, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, SetLastError, RaiseException, RtlUnwind, InitializeSListHead, GetStartupInfoW, UnhandledExceptionFilter, GetStringTypeW, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFinalPathNameByHandleW, GetModuleHandleW, GetFileInformationByHandleEx, GetLocaleInfoEx, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, LCMapStringEx, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo
USER32.dll | wsprintfA, GetSystemMetrics, GetDesktopWindow, GetWindowRect, EnumDisplayDevicesA, ReleaseDC, GetDC, GetKeyboardLayoutList, GetCursorPos, CharNextA
GDI32.dll | CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, DeleteObject, BitBlt
ADVAPI32.dll | CredEnumerateA, RegOpenKeyExA, RegEnumKeyA, RegCloseKey, GetCurrentHwProfileA, RegQueryValueExA, RegEnumKeyExA, RegCreateKeyExA, CredFree, GetUserNameA, RegSetValueExA
SHELL32.dll | SHGetFolderPathA, ShellExecuteA
ole32.dll | CoInitializeEx, CoInitialize, CoUninitialize, CoCreateInstance
WS2_32.dll | shutdown, getaddrinfo, WSAStartup, send, socket, connect, recv, freeaddrinfo, setsockopt, WSAGetLastError, WSACleanup, closesocket
CRYPT32.dll | CryptUnprotectData
SHLWAPI.dll | PathFindExtensionA
gdiplus.dll | GdiplusStartup, GdiplusShutdown, GdipDisposeImage, GdipSaveImageToFile, GdipGetImageEncodersSize, GdipCreateBitmapFromHBITMAP, GdipGetImageEncoders
SETUPAPI.dll | SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiGetDeviceInterfaceDetailA, SetupDiEnumDeviceInterfaces
ntdll.dll | RtlUnicodeStringToAnsiString

Language of compilation system | Country where language is spoken
Russian | Russia
English | United States

                                                                                                                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:15:38:18
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe
                                                                                                                                                                                                                                                                          Imagebase:0xe30000
                                                                                                                                                                                                                                                                          File size:1'509'376 bytes
                                                                                                                                                                                                                                                                          MD5 hash:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.2242173667.0000000003417000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                          Start time:15:38:19
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                                                                                                                                                          Imagebase:0xcc0000
                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                          Start time:15:38:19
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                                          Start time:15:38:19
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                                                                                                                                                          Imagebase:0xcc0000
                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                          Start time:15:38:19
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                          Start time:15:38:21
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          Imagebase:0xb80000
                                                                                                                                                                                                                                                                          File size:1'509'376 bytes
                                                                                                                                                                                                                                                                          MD5 hash:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000002.2666359935.000000000143F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                          • Detection: 55%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                          Start time:15:38:21
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                                                                                                                                                          Imagebase:0xb80000
                                                                                                                                                                                                                                                                          File size:1'509'376 bytes
                                                                                                                                                                                                                                                                          MD5 hash:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.3333189112.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                          Start time:15:38:30
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\ItBcnKyTYzzcux4XTo2S.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xd10000
                                                                                                                                                                                                                                                                          File size:1'390'080 bytes
                                                                                                                                                                                                                                                                          MD5 hash:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.2299329499.0000000000D11000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                          Start time:15:38:32
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xfd0000
                                                                                                                                                                                                                                                                          File size:1'509'376 bytes
                                                                                                                                                                                                                                                                          MD5 hash:2F2ACBFB946B202FE77660B2A735A197
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 55%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                          Start time:15:38:33
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA45ChgbrP9t4O8b\wSEyOaXu6NUnyNwmSKqM.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x650000
                                                                                                                                                                                                                                                                          File size:916'480 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                                          Start time:15:38:34
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                                          Start time:15:38:35
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                                          Start time:15:38:36
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://instagram.com/accounts/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                          Start time:15:38:36
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.paypal.com/signin
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                          Start time:15:38:36
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2204,i,15729364803454474630,3851250065344724833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                                          Start time:15:38:36
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1992,i,6310753407935598149,17859461482613628573,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                                          Start time:15:38:37
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2004,i,7283726857084362712,15119685456646774483,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                                                                                          Start time:15:38:37
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://store.steampowered.com/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                                                                                          Start time:15:38:38
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,14378781951259307047,4188744618890532289,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                                                                                                          Start time:15:38:39
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://steamcommunity.com/openid/loginform
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                                                                                                          Start time:15:38:39
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1964,i,4670160639782249315,11229613294517820312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                                                                                          Start time:15:38:39
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.epicgames.com/id/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                                                                                          Start time:15:38:40
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1992,i,12875510592016247848,9610536198439608052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                                                                                          Start time:15:38:40
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xc0000
                                                                                                                                                                                                                                                                          File size:1'390'080 bytes
                                                                                                                                                                                                                                                                          MD5 hash:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001A.00000002.4853119184.00000000000C1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                                                                                                          Start time:15:38:41
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                                                                                          Start time:15:38:41
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1956,i,1362200134941538796,11659752482438541742,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                                                                                          Start time:15:38:41
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                                                                                          Start time:15:38:41
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,3788731305370777980,9416224067675073750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                                                                                          Start time:15:38:41
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

Target ID:32
Start time:15:38:41
Start date:17/01/2024
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Imagebase:0xfd0000
File size:1'509'376 bytes
MD5 hash:2F2ACBFB946B202FE77660B2A735A197
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:15:38:42
Start date:17/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=920 --field-trial-handle=1592,i,7283115601660478920,12046409174522057752,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:15:38:42
Start date:17/01/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:15:38:43
Start date:17/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1952,i,4953983639272391216,16835619525233672643,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:15:38:43
Start date:17/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:15:38:43
Start date:17/01/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:15:38:44
Start date:17/01/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2064,i,1050194441771241166,153372168645923794,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:15:38:44
Start date:17/01/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:15:38:44
Start date:17/01/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                                                                                                          Start time:15:38:44
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                                                                                                          Start time:15:38:45
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:3
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                                                                                                          Start time:15:38:48
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2252 -parentBuildID 20230927232528 -prefsHandle 2160 -prefMapHandle 2128 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a84251-27d1-44ed-a5f3-48c6835a106c} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e5cf6d910 socket
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                                                                                                          Start time:15:38:49
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xcf0000
                                                                                                                                                                                                                                                                          File size:1'390'080 bytes
                                                                                                                                                                                                                                                                          MD5 hash:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002E.00000002.2671031545.0000000000CF1000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:47
                                                                                                                                                                                                                                                                          Start time:15:38:49
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\RN_rIK_rAnb45b13yJFN.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xcf0000
                                                                                                                                                                                                                                                                          File size:1'390'080 bytes
                                                                                                                                                                                                                                                                          MD5 hash:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002F.00000002.2667619172.0000000000CF1000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:48
                                                                                                                                                                                                                                                                          Start time:15:38:50
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 1 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 21867 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4fb3dc-afa8-4648-aedc-bd5d4900ff67} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e6da77850 tab
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:49
                                                                                                                                                                                                                                                                          Start time:15:38:51
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
                                                                                                                                                                                                                                                                          Imagebase:0xcc0000
                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:50
                                                                                                                                                                                                                                                                          Start time:15:38:51
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4052 -prefsLen 22057 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f600edd2-3f25-4a9e-99ee-ad9bdbba397b} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e69f3abd0 tab
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:51
                                                                                                                                                                                                                                                                          Start time:15:38:53
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:52
                                                                                                                                                                                                                                                                          Start time:15:38:54
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 3124 -prefsLen 30974 -prefMapSize 237879 -jsInitHandle 1288 -jsInitLen 234236 -parentBuildID 20230927232528 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc6bea7-b0de-41ac-af27-3401bf89a237} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e76be9150 tab
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:53
                                                                                                                                                                                                                                                                          Start time:15:38:55
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6360 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:54
                                                                                                                                                                                                                                                                          Start time:15:38:55
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6384 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:55
                                                                                                                                                                                                                                                                          Start time:15:38:56
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -parentBuildID 20230927232528 -prefsHandle 2960 -prefMapHandle 4700 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {585c9d85-6524-4a3c-b0bb-5d4e5dd3101a} 13220 "\\.\pipe\gecko-crash-server-pipe.13220" 24e7535c410 rdd
                                                                                                                                                                                                                                                                          Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                          File size:676'768 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:56
                                                                                                                                                                                                                                                                          Start time:15:38:56
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                                                                                                                                                                                                                                                          Imagebase:0xb60000
                                                                                                                                                                                                                                                                          File size:61'440 bytes
                                                                                                                                                                                                                                                                          MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000038.00000002.4863465442.000000006CA41000.00000020.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                          Target ID:57
                                                                                                                                                                                                                                                                          Start time:15:38:56
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
                                                                                                                                                                                                                                                                          Imagebase:0xc0000
                                                                                                                                                                                                                                                                          File size:1'390'080 bytes
                                                                                                                                                                                                                                                                          MD5 hash:1E69A8A85C711D2D84F4097B06E4A6CE
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000039.00000002.2659905595.00000000000C1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:58
                                                                                                                                                                                                                                                                          Start time:15:38:59
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7644 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:59
                                                                                                                                                                                                                                                                          Start time:15:39:00
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7804 --field-trial-handle=1960,i,2598179566942425412,18010446210601525248,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:60
                                                                                                                                                                                                                                                                          Start time:15:39:01
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x370000
                                                                                                                                                                                                                                                                          File size:916'480 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:62
                                                                                                                                                                                                                                                                          Start time:15:39:01
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\jobA4Du8Ilqds2PLDa\8HpbF7lR86IQN_gPKFmq.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x370000
                                                                                                                                                                                                                                                                          File size:916'480 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D70733214C957E72E8C5A305B0BBC7D7
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:63
                                                                                                                                                                                                                                                                          Start time:15:39:03
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:64
                                                                                                                                                                                                                                                                          Start time:15:39:04
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.linkedin.com/login
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:65
                                                                                                                                                                                                                                                                          Start time:15:39:04
                                                                                                                                                                                                                                                                          Start date:17/01/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1048,i,16917586532604722924,17238789171836043011,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff715980000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:66
                                                                                                                                                                                                                                                                          Start time:15:39:04
Start date:17/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://twitter.com/i/flow/login
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:11.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:12.3%
Total number of Nodes:2000
Total number of Limit Nodes:187
117676->117690 117678->117652 117680 f40f77 ___scrt_is_nonwritable_in_current_image 117679->117680 117681 f40fb8 117680->117681 117683 f40ffe 117680->117683 117689 f40f7f 117680->117689 117725 f30303 39 API calls 2 library calls 117681->117725 117696 f46047 EnterCriticalSection 117683->117696 117685 f41004 117686 f41022 117685->117686 117697 f4107c 117685->117697 117726 f41074 LeaveCriticalSection __wsopen_s 117686->117726 117689->117675 117691 f39cd1 _strftime 117690->117691 117768 f39b15 117691->117768 117696->117685 117698 f410a4 117697->117698 117716 f410c7 __wsopen_s 117697->117716 117699 f410a8 117698->117699 117701 f41103 117698->117701 117737 f30303 39 API calls 2 library calls 117699->117737 117702 f41121 117701->117702 117727 f39d5b 117701->117727 117730 f40bc1 117702->117730 117706 f41180 117710 f41194 117706->117710 117711 f411e9 WriteFile 117706->117711 117707 f41139 117708 f41141 117707->117708 117709 f41168 117707->117709 117708->117716 117738 f40b59 6 API calls __wsopen_s 117708->117738 117739 f40792 45 API calls 5 library calls 117709->117739 117714 f411d5 117710->117714 117715 f4119c 117710->117715 117713 f4120b GetLastError 117711->117713 117711->117716 117713->117716 117742 f40c3e 7 API calls 2 library calls 117714->117742 117720 f411c1 117715->117720 117721 f411a1 117715->117721 117716->117686 117719 f4117b 117719->117716 117741 f40e02 8 API calls 3 library calls 117720->117741 117721->117716 117723 f411aa 117721->117723 117740 f40d19 7 API calls 2 library calls 117723->117740 117725->117689 117726->117689 117743 f39c3a 117727->117743 117729 f39d74 117729->117702 117731 f4c934 __fread_nolock 39 API calls 117730->117731 117732 f40bd3 117731->117732 117733 f40c37 117732->117733 117734 f40c01 117732->117734 117767 f35a80 39 API calls 2 library calls 117732->117767 117733->117706 117733->117707 117734->117733 117736 f40c1b GetConsoleMode 117734->117736 117736->117733 117737->117716 117738->117716 117739->117719 117740->117716 117741->117719 
117742->117719 117749 f462c3 117743->117749 117745 f39c4c 117746 f39c68 SetFilePointerEx 117745->117746 117748 f39c54 __wsopen_s 117745->117748 117747 f39c80 GetLastError 117746->117747 117746->117748 117747->117748 117748->117729 117750 f462e5 117749->117750 117751 f462d0 117749->117751 117757 f4630a 117750->117757 117764 f38e0a 14 API calls __dosmaperr 117750->117764 117762 f38e0a 14 API calls __dosmaperr 117751->117762 117754 f462d5 117763 f38e1d 14 API calls __dosmaperr 117754->117763 117755 f46315 117765 f38e1d 14 API calls __dosmaperr 117755->117765 117757->117745 117759 f462dd 117759->117745 117760 f4631d 117766 f30380 39 API calls _strftime 117760->117766 117762->117754 117763->117759 117764->117755 117765->117760 117766->117759 117767->117734 117770 f39b21 ___scrt_is_nonwritable_in_current_image 117768->117770 117769 f39b29 117779 f300bc 117769->117779 117770->117769 117771 f39b64 117770->117771 117772 f39baa 117770->117772 117786 f30303 39 API calls 2 library calls 117771->117786 117785 f46047 EnterCriticalSection 117772->117785 117775 f39bb0 117776 f39bd1 117775->117776 117777 f39c3a __fread_nolock 41 API calls 117775->117777 117787 f39c32 LeaveCriticalSection __wsopen_s 117776->117787 117777->117776 117780 f300c8 117779->117780 117781 f300df 117780->117781 117788 f30167 39 API calls 2 library calls 117780->117788 117782 f300f2 117781->117782 117789 f30167 39 API calls 2 library calls 117781->117789 117782->117675 117785->117775 117786->117769 117787->117769 117788->117781 117789->117782 117790 f190e1 117791 f190eb 117790->117791 117805 f189d0 117791->117805 117795 f19339 117816 f139f0 15 API calls __fread_nolock 117795->117816 117796 f192c2 117796->117795 117796->117796 117800 f1931f 117796->117800 117798 f1914f 117798->117796 117804 f1937b 117798->117804 117814 f177b0 15 API calls __fread_nolock 117798->117814 117799 f19345 117815 edbb20 15 API calls 117800->117815 117803 f1932a 117806 f189e8 117805->117806 117807 f18a6a 117805->117807 117806->117807 
117817 ef4cc0 117806->117817 117807->117798 117813 eea490 15 API calls __fread_nolock 117807->117813 117810 ef4cc0 48 API calls 117811 f18a3f 117810->117811 117811->117807 117812 ef4cc0 48 API calls 117811->117812 117812->117807 117813->117798 117814->117798 117815->117803 117816->117799 117818 ef4cd7 117817->117818 117819 ef4ded 117817->117819 117818->117819 117820 ef4c00 48 API calls 117818->117820 117821 ef4cc0 48 API calls 117818->117821 117823 f17ef0 117818->117823 117819->117807 117819->117810 117820->117818 117821->117818 117824 f18220 117823->117824 117845 f17f16 __fread_nolock 117823->117845 117824->117818 117825 f180df 117825->117824 117866 f10e70 15 API calls 117825->117866 117827 ef4cc0 48 API calls 117827->117845 117829 f181f1 117830 f1893c 117829->117830 117872 edbb20 15 API calls 117829->117872 117830->117818 117831 ed9610 15 API calls 117831->117845 117832 edbb20 15 API calls 117832->117845 117835 f182db 117868 f01740 15 API calls 117835->117868 117837 f188ee 117839 f18906 117837->117839 117870 edbb20 15 API calls 117837->117870 117838 f182e4 117838->117824 117869 ef7ac0 15 API calls 117838->117869 117871 edbb20 15 API calls 117839->117871 117845->117824 117845->117825 117845->117827 117845->117831 117845->117832 117845->117835 117854 f10020 117845->117854 117860 edaf60 117845->117860 117864 f12ab0 15 API calls __fread_nolock 117845->117864 117865 f17e30 15 API calls 117845->117865 117846 f182f9 117847 ef4cc0 48 API calls 117846->117847 117847->117824 117849 ed9990 15 API calls 117852 f180fb __Strxfrm 117849->117852 117850 ed9610 15 API calls 117850->117852 117851 ef6a40 15 API calls 117851->117852 117852->117824 117852->117829 117852->117837 117852->117849 117852->117850 117852->117851 117853 edaf60 15 API calls 117852->117853 117867 ef7c60 15 API calls 117852->117867 117853->117852 117855 f10050 117854->117855 117857 f100a5 117855->117857 117859 f1008b 117855->117859 117873 f0fc80 117855->117873 117892 eff340 117857->117892 117859->117845 117861 
edafae 117860->117861 117862 edae80 15 API calls 117861->117862 117863 edafb9 117862->117863 117863->117845 117864->117845 117865->117845 117866->117852 117867->117852 117868->117838 117869->117846 117870->117839 117871->117829 117872->117830 117896 f0fa10 117873->117896 117875 f0fce6 117876 f0fd2b 117875->117876 117881 f0fd76 117875->117881 117917 ee4e70 117875->117917 117876->117855 117879 f0fd47 117956 ed9b70 15 API calls 117879->117956 117880 f0fe9c 117957 ed9b70 15 API calls 117880->117957 117881->117880 117882 f0ff44 117881->117882 117885 edaf60 15 API calls 117882->117885 117886 f0ff6d 117885->117886 117924 f0c3f0 117886->117924 117889 f0feaa 117889->117876 117958 ee3440 SetFilePointer GetLastError ReadFile GetLastError 117889->117958 117890 f0ff84 117890->117889 117891 eff340 15 API calls 117890->117891 117891->117889 117893 eff35d 117892->117893 117895 eff38b __fread_nolock 117892->117895 117893->117895 118149 f04ea0 15 API calls 117893->118149 117895->117859 117897 f0fa88 117896->117897 117898 f0fa39 117896->117898 117900 f0fad5 117897->117900 117901 f0fa99 117897->117901 117909 f0facd 117897->117909 117899 f0fa68 117898->117899 117965 ed9b70 15 API calls 117898->117965 117899->117875 117903 f0fae9 117900->117903 117908 f0fbcf 117900->117908 117901->117909 117966 ed9b70 15 API calls 117901->117966 117959 f389d5 117903->117959 117907 f0c3f0 48 API calls 117913 f0fb10 117907->117913 117908->117909 117969 ed9b70 15 API calls 117908->117969 117909->117875 117911 f0fc41 117970 edafd0 15 API calls 117911->117970 117913->117909 117967 ed9b70 15 API calls 117913->117967 117915 f0fb83 117915->117909 117968 edafd0 15 API calls 117915->117968 117918 ee4f7d 117917->117918 117922 ee4e91 117917->117922 117923 ee4ea7 117918->117923 118007 ee3650 15 API calls __fread_nolock 117918->118007 117922->117918 117922->117923 117999 ee4bb0 117922->117999 118006 ee2f00 15 API calls 117922->118006 117923->117879 117923->117881 117932 f0c429 __fread_nolock __Strxfrm 117924->117932 
117925 f0c53c 118008 edb9b0 117925->118008 117928 f2ae70 std::_Facet_Register 41 API calls 117928->117932 117930 edb9b0 15 API calls 117935 f0cb6b 117930->117935 117931 f0caaf 117931->117930 117931->117935 117932->117925 117932->117928 117938 f0cbe0 117935->117938 117952 f0ccb8 __Strxfrm 117935->117952 118044 ee9ed0 117935->118044 117936 ed9610 15 API calls 117954 f0c55b __fread_nolock 117936->117954 117940 ed9610 15 API calls 117938->117940 117939 f0ca4b 117941 f0ca70 117939->117941 118042 eebe30 15 API calls 117939->118042 117943 f0cc8c 117940->117943 117948 edb9b0 15 API calls 117941->117948 117946 f0cd58 117943->117946 117951 f0cc9c 117943->117951 117944 ee9ed0 15 API calls 117944->117954 117945 f0ca19 117945->117931 118043 eebe30 15 API calls 117945->118043 117949 edb9b0 15 API calls 117946->117949 117947 edb9b0 15 API calls 117947->117954 117948->117945 117949->117952 117951->117952 117953 ee9ed0 15 API calls 117951->117953 117952->117890 117953->117952 117954->117936 117954->117939 117954->117944 117954->117945 117954->117947 117955 f0fa10 48 API calls 117954->117955 118015 f10800 117954->118015 118026 eed060 117954->118026 118040 eedaf0 15 API calls 117954->118040 118041 eebe30 15 API calls 117954->118041 117955->117954 117956->117876 117957->117889 117958->117876 117960 f389e8 _strftime 117959->117960 117971 f34f55 117960->117971 117962 f38a02 117963 f300bc _strftime 39 API calls 117962->117963 117964 f0faf4 117963->117964 117964->117907 117965->117899 117966->117909 117967->117915 117968->117909 117969->117911 117970->117909 117985 f34729 117971->117985 117973 f34faf 117979 f34fd3 117973->117979 117993 f35a80 39 API calls 2 library calls 117973->117993 117974 f34f67 117974->117973 117975 f34f7c 117974->117975 117984 f34f97 _strftime 117974->117984 117992 f30303 39 API calls 2 library calls 117975->117992 117981 f34ff7 117979->117981 117994 f34744 42 API calls 2 library calls 117979->117994 117980 f3507f 117996 f346d2 39 API calls 2 library calls 
117980->117996 117981->117980 117995 f346d2 39 API calls 2 library calls 117981->117995 117984->117962 117986 f34741 117985->117986 117987 f3472e 117985->117987 117986->117974 117997 f38e1d 14 API calls __dosmaperr 117987->117997 117989 f34733 117998 f30380 39 API calls _strftime 117989->117998 117991 f3473e 117991->117974 117992->117984 117993->117979 117994->117979 117995->117980 117996->117984 117997->117989 117998->117991 118000 ee4bc5 117999->118000 118001 ee2b40 4 API calls 118000->118001 118002 ee4d3f 118000->118002 118003 ee4bdf 118001->118003 118002->117922 118003->118002 118004 edeac0 14 API calls 118003->118004 118005 ee4d0e 118004->118005 118005->117922 118006->117922 118007->117923 118010 edb9c7 118008->118010 118014 edbac3 118008->118014 118009 edb9df 118009->117954 118010->118009 118011 edba0d 118010->118011 118012 ed9610 15 API calls 118010->118012 118011->118014 118053 edae80 118011->118053 118012->118011 118014->117954 118016 f10929 118015->118016 118018 f10825 118015->118018 118016->117954 118018->118016 118057 f100c0 118018->118057 118019 f1090a 118019->117954 118020 f108d9 118021 f100c0 19 API calls 118020->118021 118021->118019 118024 f108ac 118024->118020 118025 edb9b0 15 API calls 118024->118025 118025->118020 118027 eed4b9 118026->118027 118038 eed079 118026->118038 118027->117954 118028 eed44e 118029 eed48e 118028->118029 118030 edb9b0 15 API calls 118028->118030 118029->117954 118030->118029 118032 eed3f2 118032->118028 118034 ee9ed0 15 API calls 118032->118034 118033 f10800 19 API calls 118033->118038 118035 eed42a 118034->118035 118035->118028 118140 ed9aa0 15 API calls __Strxfrm 118035->118140 118037 eebe30 15 API calls 118037->118038 118038->118028 118038->118032 118038->118033 118038->118037 118039 edb9b0 15 API calls 118038->118039 118126 eede10 118038->118126 118039->118038 118040->117954 118041->117954 118042->117941 118043->117931 118045 ee9ee7 118044->118045 118052 ee9f67 118044->118052 118046 ee9f10 118045->118046 
118045->118052 118146 ee9100 15 API calls __fread_nolock 118045->118146 118048 ee9f8e 118046->118048 118049 ee9f1e 118046->118049 118148 ee9160 15 API calls 118048->118148 118049->118052 118147 ee8f10 15 API calls __Strxfrm 118049->118147 118052->117938 118054 edae90 118053->118054 118056 edaebd __Strxfrm 118053->118056 118055 ed9610 15 API calls 118054->118055 118054->118056 118055->118056 118056->118014 118058 f100dd 118057->118058 118059 ed9610 15 API calls 118058->118059 118061 f10111 __fread_nolock 118058->118061 118063 f100e2 118058->118063 118059->118061 118060 f107d9 118060->118019 118060->118020 118060->118024 118089 eebe30 15 API calls 118060->118089 118061->118063 118064 f102d6 118061->118064 118065 f1019f 118061->118065 118062 edb9b0 15 API calls 118062->118060 118063->118060 118063->118062 118090 f27020 118064->118090 118067 f101a4 118065->118067 118070 f101e4 118065->118070 118068 edb9b0 15 API calls 118067->118068 118069 f101b1 118068->118069 118069->118063 118071 edb9b0 15 API calls 118069->118071 118072 ed9610 15 API calls 118070->118072 118074 f101eb 118070->118074 118077 f1023f __Strxfrm 118070->118077 118071->118063 118072->118077 118073 f103f6 118075 f1040d 118073->118075 118076 eff340 15 API calls 118073->118076 118074->118073 118079 ee4e70 19 API calls 118074->118079 118110 ee3440 SetFilePointer GetLastError ReadFile GetLastError 118074->118110 118081 f1048b __Strxfrm 118075->118081 118088 ed9610 15 API calls 118075->118088 118076->118075 118077->118074 118078 f27020 15 API calls 118077->118078 118078->118074 118079->118074 118080 f10546 118083 f10560 118080->118083 118084 f10609 118080->118084 118081->118080 118111 eebe30 15 API calls 118081->118111 118087 edb9b0 15 API calls 118083->118087 118085 edb9b0 15 API calls 118084->118085 118085->118063 118087->118063 118088->118081 118089->118024 118091 f27056 118090->118091 118092 ed9610 15 API calls 118091->118092 118094 f2707f 118092->118094 118093 f27119 118095 f271e2 118093->118095 118096 
f267c0 15 API calls 118093->118096 118104 f27205 118093->118104 118094->118093 118098 f2716c 118094->118098 118100 f2710e 118094->118100 118108 f27439 118094->118108 118112 f267c0 118094->118112 118097 f267c0 15 API calls 118095->118097 118096->118095 118097->118104 118101 edaf60 15 API calls 118098->118101 118122 edbb20 15 API calls 118100->118122 118101->118093 118103 f272ea 118109 f27346 118103->118109 118124 eff990 15 API calls 118103->118124 118104->118103 118123 ed9b70 15 API calls 118104->118123 118108->118074 118109->118108 118125 eff990 15 API calls 118109->118125 118110->118074 118111->118080 118113 f267c3 118112->118113 118114 f26880 118113->118114 118115 f2683d 118113->118115 118116 f23bf0 15 API calls 118113->118116 118119 f26836 118113->118119 118114->118119 118120 edbb20 15 API calls 118114->118120 118117 edbb20 15 API calls 118115->118117 118116->118113 118118 f2685f 118117->118118 118118->118094 118119->118094 118121 f268c4 118120->118121 118121->118094 118122->118093 118123->118103 118124->118109 118125->118109 118135 eede84 118126->118135 118136 ef4236 118126->118136 118129 ef4715 118129->118038 118130 ef46e5 118145 ed9b70 15 API calls 118130->118145 118131 ef4206 118131->118136 118142 ed9b70 15 API calls 118131->118142 118134 ef4577 118144 ed9b70 15 API calls 118134->118144 118135->118130 118135->118131 118135->118134 118135->118136 118139 ef41e9 118135->118139 118141 ee9550 19 API calls 118135->118141 118136->118038 118137 ef4247 118136->118137 118143 ed9b70 15 API calls 118136->118143 118137->118038 118139->118038 118140->118028 118141->118135 118142->118136 118143->118139 118144->118139 118145->118129 118146->118046 118147->118052 118148->118052 118149->117893 118150 ef257f 118151 ef259b 118150->118151 118152 ee5790 4 API calls 118151->118152 118165 eeded1 118152->118165 118154 ef41e9 118155 ef46e5 118170 ed9b70 15 API calls 118155->118170 118156 ef4206 118162 ef4236 118156->118162 118167 ed9b70 15 API calls 118156->118167 118160 ef4715 
118161 ef4577 118169 ed9b70 15 API calls 118161->118169 118163 ef4247 118162->118163 118168 ed9b70 15 API calls 118162->118168 118165->118154 118165->118155 118165->118156 118165->118161 118165->118162 118166 ee9550 19 API calls 118165->118166 118166->118165 118167->118162 118168->118154 118169->118154 118170->118160 118171 f19361 118172 f19365 118171->118172 118173 f1936d 118171->118173 118172->118173 118174 f19413 118172->118174 118328 edbb20 15 API calls 118173->118328 118176 f19429 118174->118176 118329 ef7510 15 API calls 118174->118329 118289 f11fa0 118176->118289 118179 f1945d 118183 f19491 118179->118183 118330 eea550 118179->118330 118182 f19378 118184 eea550 15 API calls 118183->118184 118187 f1952c 118183->118187 118184->118187 118185 f19573 118300 f135c0 118185->118300 118296 eea6b0 118187->118296 118189 f11fa0 15 API calls 118190 f195a6 118189->118190 118191 eea550 15 API calls 118190->118191 118192 f195bd 118190->118192 118191->118192 118193 f19704 118192->118193 118197 f19648 118192->118197 118193->118193 118194 eea6b0 15 API calls 118193->118194 118198 f19745 118194->118198 118196 f196e5 118335 f23120 15 API calls 118196->118335 118197->118182 118334 f116d0 15 API calls 118197->118334 118205 f1980a 118198->118205 118336 ef4c00 48 API calls 118198->118336 118200 f1986a 118214 f198b0 118200->118214 118338 ef4c00 48 API calls 118200->118338 118203 f19959 118208 f1acd3 118203->118208 118210 f11fa0 15 API calls 118203->118210 118204 f1ac80 118204->118182 118352 f12890 15 API calls 118204->118352 118205->118200 118337 ef4c00 48 API calls 118205->118337 118211 f19996 118210->118211 118213 eea550 15 API calls 118211->118213 118215 f199c5 118211->118215 118213->118215 118214->118203 118339 ef4c00 48 API calls 118214->118339 118216 eea6b0 15 API calls 118215->118216 118217 f19a3d 118216->118217 118218 eea6b0 15 API calls 118217->118218 118219 f19a52 118218->118219 118220 f19a8f 118219->118220 118221 eea550 15 API calls 118219->118221 118222 f19aed 
118220->118222 118223 eea550 15 API calls 118220->118223 118221->118220 118224 eea550 15 API calls 118222->118224 118225 f19b44 118222->118225 118223->118222 118224->118225 118225->118182 118236 f19bb5 118225->118236 118340 efc190 15 API calls 118225->118340 118226 f1a0c4 118228 eea550 15 API calls 118226->118228 118231 f1a0db 118226->118231 118228->118231 118229 f19ca9 118232 eea550 15 API calls 118229->118232 118252 f19cc8 118229->118252 118233 f1a14a 118231->118233 118234 eea550 15 API calls 118231->118234 118232->118252 118344 ef9ed0 15 API calls 118233->118344 118234->118233 118236->118226 118238 eea550 15 API calls 118236->118238 118343 efa050 15 API calls 118236->118343 118237 f1a19d 118240 f1a1b5 118237->118240 118243 eea550 15 API calls 118237->118243 118238->118236 118241 f19df0 118242 f19e20 118241->118242 118244 eea550 15 API calls 118241->118244 118246 eea550 15 API calls 118242->118246 118253 f19e80 118242->118253 118243->118240 118244->118242 118246->118253 118249 eea550 15 API calls 118249->118252 118252->118241 118252->118249 118341 ef99f0 15 API calls 118252->118341 118342 f23120 15 API calls 118253->118342 118287 f196f1 118287->118204 118351 f120b0 15 API calls 118287->118351 118290 f11fc2 118289->118290 118291 ed9610 15 API calls 118290->118291 118292 f11fc8 118290->118292 118295 f11fef __fread_nolock 118290->118295 118291->118295 118292->118179 118293 f120a7 118293->118179 118295->118293 118353 ef65f0 15 API calls 118295->118353 118297 eea6cf 118296->118297 118299 eea6e6 118296->118299 118298 ed9990 15 API calls 118297->118298 118298->118299 118299->118185 118301 f135da 118300->118301 118326 f13940 118300->118326 118302 f13604 118301->118302 118301->118326 118354 eea490 15 API calls __fread_nolock 118301->118354 118302->118326 118355 efa050 15 API calls 118302->118355 118305 f1361f 118306 f13643 118305->118306 118309 eea550 15 API calls 118305->118309 118307 f13695 118306->118307 118308 eea550 15 API calls 118306->118308 118310 f136e5 
118307->118310 118311 eea550 15 API calls 118307->118311 118308->118307 118309->118306 118310->118326 118356 efa050 15 API calls 118310->118356 118311->118310 118313 f13746 118314 f1376c 118313->118314 118318 eea550 15 API calls 118313->118318 118315 f137b5 118314->118315 118316 eea550 15 API calls 118314->118316 118317 f137fc 118315->118317 118319 eea550 15 API calls 118315->118319 118316->118315 118320 eea550 15 API calls 118317->118320 118321 f1384d 118317->118321 118318->118314 118319->118317 118320->118321 118322 f138a8 118321->118322 118323 eea550 15 API calls 118321->118323 118324 f138ec 118322->118324 118325 eea550 15 API calls 118322->118325 118323->118322 118324->118326 118327 eea550 15 API calls 118324->118327 118325->118324 118326->118189 118327->118326 118328->118182 118329->118176 118331 eea55c 118330->118331 118332 ed9990 15 API calls 118331->118332 118333 eea574 118332->118333 118333->118183 118334->118196 118335->118287 118336->118198 118337->118205 118338->118214 118339->118214 118340->118229 118341->118252 118343->118236 118344->118237 118351->118204 118352->118182 118353->118295 118354->118302 118355->118305 118356->118313 118357 ef263a 118358 ef264b 118357->118358 118359 ef46e5 118357->118359 118361 ef268a 118358->118361 118362 ef2691 118358->118362 118373 eeded1 118358->118373 118397 ed9b70 15 API calls 118359->118397 118376 ee5f90 118361->118376 118393 ee6100 19 API calls 118362->118393 118364 ef4715 118367 ef41e9 118368 ef4206 118369 ef4236 118368->118369 118394 ed9b70 15 API calls 118368->118394 118374 ef4247 118369->118374 118395 ed9b70 15 API calls 118369->118395 118372 ef4577 118396 ed9b70 15 API calls 118372->118396 118373->118359 118373->118367 118373->118368 118373->118369 118373->118372 118392 ee9550 19 API calls 118373->118392 118377 ee5fa4 118376->118377 118378 ee5fa9 118376->118378 118402 ee3b50 19 API calls 118377->118402 118380 ee600e 118378->118380 118381 ee60e4 118378->118381 118384 ee5fb7 118378->118384 118382 ee6013 
118380->118382 118387 ee6060 118380->118387 118381->118384 118398 ee58d0 118381->118398 118385 ee5710 4 API calls 118382->118385 118384->118373 118386 ee6040 118385->118386 118386->118384 118388 ee58d0 4 API calls 118386->118388 118387->118384 118390 ee5f90 19 API calls 118387->118390 118389 ee604f 118388->118389 118389->118373 118391 ee60ca 118390->118391 118391->118373 118392->118373 118393->118373 118394->118369 118395->118367 118396->118367 118397->118364 118400 ee58e0 118398->118400 118399 ee598f 118399->118384 118400->118399 118401 ee45c0 4 API calls 118400->118401 118401->118400 118402->118378 118403 ede831 118404 ede8c1 118403->118404 118405 ede840 __fread_nolock 118403->118405 118407 edf4a0 118405->118407 118408 edf4ac 118407->118408 118409 edf4d1 118408->118409 118410 ededf0 14 API calls 118408->118410 118409->118404 118410->118409 118411 ed97b1 118412 ed97c4 118411->118412 118415 ed97d4 118411->118415 118413 ed9610 15 API calls 118412->118413 118414 ed97ca 118413->118414 118416 ed97d8 118415->118416 118418 ed9230 118415->118418 118421 f34b78 118418->118421 118422 f4341c 118421->118422 118423 f43434 118422->118423 118424 f43429 118422->118424 118426 f4343c 118423->118426 118432 f43445 _strftime 118423->118432 118425 f432e4 _strftime 15 API calls 118424->118425 118431 ed924d 118425->118431 118429 f4279a ___free_lconv_mon 14 API calls 118426->118429 118427 f4346f RtlReAllocateHeap 118427->118431 118427->118432 118428 f4344a 118434 f38e1d 14 API calls __dosmaperr 118428->118434 118429->118431 118431->118416 118432->118427 118432->118428 118435 f3d3b8 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 118432->118435 118434->118431 118435->118432 118436 ec6b70 118437 ec6b7a 118436->118437 118438 eb65b0 118436->118438 118439 eb65f3 error_info_injector 118438->118439 118440 f30390 39 API calls 118438->118440 118441 eb661b 118440->118441 118442 edddf0 118453 edd7a0 118442->118453 118444 edde05 118445 edde0b 118444->118445 118446 edde1d GetVersionExA 
118444->118446 118447 edde46 118444->118447 118446->118447 118448 edde4d GetFileAttributesW 118447->118448 118449 edde55 GetFileAttributesA 118447->118449 118450 edde5b 118448->118450 118449->118450 118451 f393b4 ___std_exception_destroy 14 API calls 118450->118451 118452 edde63 118451->118452 118454 edd7de 118453->118454 118455 edd7b5 GetVersionExA 118453->118455 118456 edd7ef 118454->118456 118457 edd7e5 118454->118457 118455->118454 118473 edcf80 17 API calls 2 library calls 118456->118473 118472 edcf80 17 API calls 2 library calls 118457->118472 118460 edd7ea 118460->118444 118461 edd7f5 118462 edd7fb 118461->118462 118463 edd801 AreFileApisANSI WideCharToMultiByte 118461->118463 118462->118444 118464 f39b0a ___std_exception_copy 15 API calls 118463->118464 118465 edd82a 118464->118465 118466 edd851 118465->118466 118467 edd833 WideCharToMultiByte 118465->118467 118470 f393b4 ___std_exception_destroy 14 API calls 118466->118470 118467->118466 118468 edd84b 118467->118468 118469 f393b4 ___std_exception_destroy 14 API calls 118468->118469 118469->118466 118471 edd85c 118470->118471 118471->118444 118472->118460 118473->118461 118474 e4c700 118475 e4c74e __fread_nolock 118474->118475 118476 e32b80 41 API calls 118475->118476 118477 e4c7eb 118476->118477 118477->118477 118478 e32b80 41 API calls 118477->118478 118479 e4c85c GetModuleHandleA GetProcAddress 118478->118479 118480 e4c8af 118479->118480 118481 e4c929 CreateProcessA 118480->118481 118483 e4ca11 118481->118483 118482 e4ca37 error_info_injector 118483->118482 118484 f30390 39 API calls 118483->118484 118485 e4ca5e 118484->118485 118486 e6460c 118487 eb4a10 41 API calls 118486->118487 118524 e64600 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z error_info_injector 118487->118524 118489 e65449 118491 e32ab0 41 API calls 118489->118491 118492 e65460 118491->118492 118653 eb6e40 118492->118653 118499 e6543f 118652 e323f0 41 API calls 118499->118652 118501 ebaa20 41 API calls 118501->118524 118502 f30390 39 API 
calls 118502->118489 118505 e6543a 118506 f30390 39 API calls 118505->118506 118506->118499 118508 e32b80 41 API calls 118508->118524 118509 f10800 19 API calls 118509->118524 118511 e653a2 118513 eb5200 39 API calls 118511->118513 118512 eb4a10 41 API calls 118512->118524 118516 e64033 error_info_injector 118513->118516 118515 e64081 error_info_injector 118516->118502 118516->118515 118517 f2ae70 41 API calls std::_Facet_Register 118517->118524 118518 edb9b0 15 API calls 118518->118524 118519 ee9ed0 15 API calls 118519->118524 118521 eb6ff0 41 API calls 118521->118524 118523 eb0490 41 API calls 118523->118524 118524->118486 118524->118489 118524->118499 118524->118501 118524->118505 118524->118508 118524->118509 118524->118511 118524->118512 118524->118517 118524->118518 118524->118519 118524->118521 118524->118523 118525 eed060 19 API calls 118524->118525 118526 e49620 118524->118526 118572 e49b90 118524->118572 118590 eb0ea0 118524->118590 118593 eb4be0 118524->118593 118605 eba830 118524->118605 118622 eb2d90 118524->118622 118627 f38a14 118524->118627 118633 eb0770 118524->118633 118651 eebe30 15 API calls 118524->118651 118525->118524 118527 e49670 118526->118527 118528 e32b80 41 API calls 118527->118528 118529 e496b8 118528->118529 118529->118529 118530 e32b80 41 API calls 118529->118530 118531 e49703 118530->118531 118531->118531 118532 e32b80 41 API calls 118531->118532 118533 e49737 118532->118533 118656 e3e070 118533->118656 118536 e49b87 118538 f30390 39 API calls 118536->118538 118537 e49746 error_info_injector 118537->118536 118677 e3e3d0 118537->118677 118539 e49b8c 118538->118539 118540 e497b9 118541 e32b80 41 API calls 118540->118541 118542 e4981c 118541->118542 118543 e49b77 118542->118543 118544 e49859 118542->118544 118718 e323f0 41 API calls 118543->118718 118546 ebaa20 41 API calls 118544->118546 118547 e4987c 118546->118547 118549 eba830 41 API calls 118547->118549 118548 e49b7c 118550 f30390 39 API calls 118548->118550 118551 e49895 
APIs
• FindFirstFileA.KERNEL32(00000000,A0A7A2DC,00F51CC3,?,00E87D20,0000000F,?,?,A0A7A2DB,A0A7A2DC,75923100,00000000), ref: 00E42253
• GetFileAttributesA.KERNEL32(00000000,00000001), ref: 00E424AC
• GetLastError.KERNEL32 ref: 00E424B7
• __Mtx_unlock.LIBCPMT ref: 00E424D2
• __Mtx_unlock.LIBCPMT ref: 00E424E1
• CreateDirectoryA.KERNEL32(00000000,00000000,?,00000001), ref: 00E424F7
• CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E42563
• FindNextFileA.KERNEL32(00000000,?), ref: 00E42579
• FindClose.KERNEL32(00000000), ref: 00E42589
• GetLastError.KERNEL32 ref: 00E4258F
• GetLastError.KERNEL32 ref: 00E425A9
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,75923100,0000000F), ref: 00E42786
• GetFileAttributesA.KERNEL32(?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42917
• GetLastError.KERNEL32(?,FEFCC9DC,?,75923100,0000000F), ref: 00E42922
• __Mtx_unlock.LIBCPMT ref: 00E42945
• GetFileAttributesA.KERNEL32(FEFCC9DB,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42A6C
• GetLastError.KERNEL32(?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42A77
• __Mtx_unlock.LIBCPMT ref: 00E42A96
• __Mtx_unlock.LIBCPMT ref: 00E42AA5
• CreateDirectoryA.KERNEL32(FEFCC9DB,00000000,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42ABB
• GetFileAttributesA.KERNEL32(?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42BBC
• GetLastError.KERNEL32(?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42BC7
• __Mtx_unlock.LIBCPMT ref: 00E42BE6
• __Mtx_unlock.LIBCPMT ref: 00E42BF6
• GetFileAttributesA.KERNEL32(00000000,EEE7C1DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42DA0
• GetLastError.KERNEL32(?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42DAB
• __Mtx_unlock.LIBCPMT ref: 00E42DCA
• __Mtx_unlock.LIBCPMT ref: 00E42DD9
• CreateDirectoryA.KERNEL32(00000000,00000000,?,EEE7C1DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E42DEF
• GetFileAttributesA.KERNEL32(00000000,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E430EC
• GetLastError.KERNEL32(?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E430F7
• __Mtx_unlock.LIBCPMT ref: 00E43116
• __Mtx_unlock.LIBCPMT ref: 00E43126
• GetFileAttributesA.KERNEL32(00000000,E9E6C4DC,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E432E0
• GetLastError.KERNEL32(?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E432EB
• __Mtx_unlock.LIBCPMT ref: 00E4330A
• __Mtx_unlock.LIBCPMT ref: 00E43319
• CreateDirectoryA.KERNEL32(00000000,00000000,?,E9E6C4DC,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E4332F
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E4362C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E43637
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E43656
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E43666
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,?,?,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E43820
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC,?,75923100,0000000F), ref: 00E4382B
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E4384A
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E43859
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,E9E6C4DC,?,EEE7C1DC,?,?,?,?,FEFCC9DC), ref: 00E4386F
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E43AA6
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Mtx_unlock$File$ErrorLast$Attributes$CreateDirectory$Find$CloseCopyFirstFolderNextPath
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1231064611-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7daece49de8327f36538130d80cfa6951e765efe2182f468d421f098a1194a0e
                                                                                                                                                                                                                                                                            • Instruction ID: 1994f3db4a70b3efe3b76b51cdd31e30022afc88d388b87d1d7860ac0928407f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7daece49de8327f36538130d80cfa6951e765efe2182f468d421f098a1194a0e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 890301319002488BDF08DFB8EC987EEBB71EF06304F64825CE455B7692DB749A85DB61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00E83690: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83769
                                                                                                                                                                                                                                                                              • Part of subcall function 00E83690: CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83802
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00F8AAFC,00000000,?,?,0000D8DB,0000D8DC), ref: 00EA8E17
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA90EC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA90F7
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9116
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9125
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,0000004C), ref: 00EA9144
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA940C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA9417
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9436
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9445
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA9464
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,000000DC,?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA96BC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA96C7
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA96E6
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA96F5
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,000000DC,?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA970B
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,EBEAE7CC,?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA9CDC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA9CE7
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9D06
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA9D15
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,EBEAE7CC,?,000000DC,?,?,?,?,-00000034,0000004C,?,0000004C), ref: 00EA9D34
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA40C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA417
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAA436
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAA445
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,0000004C), ref: 00EAA464
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA71C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA727
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAA746
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAA755
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA774
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,000000DC,?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA9E4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAA9EF
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAAA0E
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAAA1D
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,000000DC,?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C), ref: 00EAAA33
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,EBEAE7CC,?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAB013
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C,?,0000004C), ref: 00EAB01E
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAB03D
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EAB04C
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,EBEAE7CC,?,000000DC,?,?,?,?,?,?,-0000001C,-00000034,0000004C), ref: 00EAB06B
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00F8AAFC,00000000,?,?,0000DFDB,0000DFDC), ref: 00EAA0AF
                                                                                                                                                                                                                                                                              • Part of subcall function 00EB3010: Concurrency::cancel_current_task.LIBCPMT ref: 00EB30F7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Mtx_unlock$CreateDirectory$AttributesErrorFileLast$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1910472006-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83769
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83802
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E83837
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E839F1
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E83A20
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E83B8C
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83CA7
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E83D41
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E83F2C
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E84004
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E841FC
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E8441C
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E8462C
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E84721
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E8490C
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E849F1
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E84BCC
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E84CB1
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E84EAE
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E84F91
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E85327
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?), ref: 00E85451
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E8577A
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00000000), ref: 00E858FE
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E85D9B
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E85E31
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00E86065
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$CopyFile$FolderPath
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3277442881-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E7CB07
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?), ref: 00E7CCC8
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00E7CCD9
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7CCF8
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,?,?), ref: 00E7CE33
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00E7CE3E
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7CE5D
                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,00000001,?,?,00000000,00000001,A0A7A2DB,A0A7A2DC,0000EAF5,0000EAF6), ref: 00E7D1F4
                                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E7D7F1
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 00E7D807
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,00EA8AAD,00F56FB2,?,?,0000DCDB,0000DCDC,?,?,?,?,?), ref: 00E7D935
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00E7DA3E
                                                                                                                                                                                                                                                                              • Part of subcall function 00EBAA20: Concurrency::cancel_current_task.LIBCPMT ref: 00EBAAFD
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000000), ref: 00E7DC4C
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,?,000000DB,000000DC,000000F4,000000F5,?,?,000000DB,000000DC), ref: 00E7DFFE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,000000DB,000000DC,000000F4,000000F5,?,?,000000DB,000000DC,?,?,?,?,?), ref: 00E7E009
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7E028
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7E038
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,000000DB,000000DC,?,?,?,?,?), ref: 00E7E057
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,?,00000000), ref: 00E7E3A3
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00E7EC55
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7EF91
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E7EFDA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Mtx_unlock$AttributesCopyCreateDirectoryErrorFindLast$CloseConcurrency::cancel_current_taskFirstFolderNextPath
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3553622106-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,00000000,?,?), ref: 00EA3B9D
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,000000DC,?,?,00000000,?,?), ref: 00EA3BA8
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA3BC7
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA3BD6
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,0000CADB), ref: 00EA4D3C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EA4D47
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA4D66
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,00000000,?,?,?,0000CADB), ref: 00EA50EC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000CADB), ref: 00EA50F7
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA5117
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,00000000,?,?,?,0000CADB), ref: 00EA514A
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA5155
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,00000000,?,?,?,0000CADB), ref: 00EA533C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,0000CADB), ref: 00EA5347
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA5366
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA5376
                                                                                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00EA4D75
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DC50: CreateDirectoryA.KERNEL32(?,00000000,00000000,?,0000EAF6), ref: 00E3DC66
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DC50: __Mtx_unlock.LIBCPMT ref: 00E3DC73
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Mtx_unlock$AttributesErrorFileLast$CreateDirectory
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3212106713-0
                                                                                                                                                                                                                                                                            • Opcode ID: 284efd523641f7ad193504c2f2eca60dc6d1b5e64821aa49ce6779904098eebc
                                                                                                                                                                                                                                                                            • Instruction ID: 1365a684f59dc789a36142d0266f97f8a6b6a6d8e536ef99075e3a758670ce86
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 284efd523641f7ad193504c2f2eca60dc6d1b5e64821aa49ce6779904098eebc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46B3E030C042588ADB19DF74CC587EEBBB0AF5A304F1452DDE44A7B292EB746A85CF61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?,00F8D150,00000000,?), ref: 00E80D08
                                                                                                                                                                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 00E80D43
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00E80D69
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,?,00000104,E3E8E5C2,E3E8E5C3), ref: 00E80EE8
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,?,00000104,DAC8C5CE,DAC8C5CF,?,?,?,?,000000AA,000000AB), ref: 00E8116B
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000104,DADDC5D4,DADDC5D5,?,?,?,?,000000AA,000000AB), ref: 00E8122E
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000003,?,00000200,DAC8C5CE,DAC8C5CF,?,?,?,?,000000AA,000000AB), ref: 00E813F2
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000200,B9D9C7D7,?,?,?,?,000000AA,000000AB), ref: 00E8147F
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000200,DADDDCCF,?,?,?,?,000000AA,000000AB), ref: 00E8151B
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000003,?,00000200,DADDC5D4,?,?,?,?,000000AA,000000AB), ref: 00E81595
                                                                                                                                                                                                                                                                              • Part of subcall function 00E5E780: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00E56E28
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00E823A6
                                                                                                                                                                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000001,?,00000104), ref: 00E823D9
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00E823ED
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: QueryValue$CloseEnumOpen$CryptDataUnprotect
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 1399465611-2766135566
                                                                                                                                                                                                                                                                            • Opcode ID: 74b31ac058cd37781d4f9cf33941650891951229078ec46a5f127cd44679590b
                                                                                                                                                                                                                                                                            • Instruction ID: 66858fc60215eb47a4513a11ba95b0d51a6de9a4786d010313527a157dad803a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74b31ac058cd37781d4f9cf33941650891951229078ec46a5f127cd44679590b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3F29B70C042588ADB29DF64CC98BEEBBB5AF19304F1482DDE44D77292EB745A89CF50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00EA29DC
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DBD0: GetFileAttributesA.KERNEL32(?,?,0000EAF6), ref: 00E3DBFE
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DBD0: GetLastError.KERNEL32(?,?,0000EAF6), ref: 00E3DC09
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DBD0: __Mtx_unlock.LIBCPMT ref: 00E3DC2E
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DC50: CreateDirectoryA.KERNEL32(?,00000000,00000000,?,0000EAF6), ref: 00E3DC66
                                                                                                                                                                                                                                                                              • Part of subcall function 00E3DC50: __Mtx_unlock.LIBCPMT ref: 00E3DC73
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,?), ref: 00EA2C25
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,?), ref: 00EA2D1A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$Mtx_unlock$AttributesErrorFileLast
                                                                                                                                                                                                                                                                            • String ID: @$^$$$$
                                                                                                                                                                                                                                                                            • API String ID: 998707984-2698573085
                                                                                                                                                                                                                                                                            • Opcode ID: fbaf0b10bef1b00c22d95c3151cc3ca47c55dd4e8ad61b0db65f88247a87d912
                                                                                                                                                                                                                                                                            • Instruction ID: 8341e45c229078eabc98375d1f0056c8eed79a2e5c88c16d92b25d6b72d7d09a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbaf0b10bef1b00c22d95c3151cc3ca47c55dd4e8ad61b0db65f88247a87d912
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B53D130C042588ADB25DF74C8597EEBBB4AF19304F1451EDE58A77292EB342B88DF61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECC86E
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECC925
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECC9D3
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCA85
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCB37
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCBE8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCC95
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCD45
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCDF6
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00ECCEA7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 190572456-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9bd8d167f59d47188311658929b8d136721859c74d74772b4584183c3ed8ad87
                                                                                                                                                                                                                                                                            • Instruction ID: 84632d57d6644c3ec9e8dc410e2b28fc025503436407919d0aff1db45c23b1b9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bd8d167f59d47188311658929b8d136721859c74d74772b4584183c3ed8ad87
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4342F131D142488AEB08CFB8C995BFEBBB5EF59304F24C21DE4557B692E7315186CBA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00ECE4D5
                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00ECE4EC
                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00ECE505
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36, xrefs: 00ECE562
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                                                                                                            • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
                                                                                                                                                                                                                                                                            • API String ID: 3213498283-2732702261
                                                                                                                                                                                                                                                                            • Opcode ID: 84e28947cce52abb28a055327931a29bf00fc42819c2e5d8184b0f10ab3b9e43
                                                                                                                                                                                                                                                                            • Instruction ID: ac9dffb4265c5ecba6e16d5cc2fbf2ae1d72f8f23ae784f4d3dada133223d436
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84e28947cce52abb28a055327931a29bf00fc42819c2e5d8184b0f10ab3b9e43
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F2126359002186BCF295FA85D44FFABBA9AF4A719B04009DED98B7311D6324E0396A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,E6FCE9F1,E6FCE9F2,?), ref: 00E7A5C5
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 00E7A6A0
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 00E7A75A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,0000E9D1), ref: 00E7A80A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,E6FCE9D1), ref: 00E7A8BA
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,E6FCE9D1), ref: 00E7A96E
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,E6FCE9D1), ref: 00E7AA1D
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,E6FCE9D1), ref: 00E7AACC
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 00E7AB6F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2449869053-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8bced92fa077b19e13429e24a5f04216ed28114b198a4f9a6a4785e990a19c32
                                                                                                                                                                                                                                                                            • Instruction ID: fe2fa9e301e70e78d6c37e81ede50eaecbb733d8f1ca3aeaaedde20260824a41
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bced92fa077b19e13429e24a5f04216ed28114b198a4f9a6a4785e990a19c32
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 621201318042488BDF0DCFA8DC99BFEBBB1EF49314F18822DE4457A6A2E7705685CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID: `$$$$$$$$
                                                                                                                                                                                                                                                                            • API String ID: 118556049-1432355619
                                                                                                                                                                                                                                                                            • Opcode ID: 6f35ad40656b506a967933fc08df72f0b2e0ba85f7cafd4fc766208cb2fb85e8
                                                                                                                                                                                                                                                                            • Instruction ID: 96e572451d93a3c37cede02d688e10cf81a37bbb084e009f46a0eb1d9272d342
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f35ad40656b506a967933fc08df72f0b2e0ba85f7cafd4fc766208cb2fb85e8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C43A230C142988ADB25EB74CC59BEEBBB4AF15304F1411DDE58A73292EB342B85DF25
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E78BC0
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00E78D47
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00E78EF0
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E7A04A
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?), ref: 00E7A424
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$FolderNamesPathSectionStringUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                                                                                            • String ID: 'IZI
                                                                                                                                                                                                                                                                            • API String ID: 3203477177-750694974
                                                                                                                                                                                                                                                                            • Opcode ID: 510f78cf83e53dadeb29544534e1f6e02577c8c818955cb5dd60c7d27555dc49
                                                                                                                                                                                                                                                                            • Instruction ID: d48119f99ae736e2414bc824ad25c53006d712e3ffdeb11f3d221231e0ce1ef3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 510f78cf83e53dadeb29544534e1f6e02577c8c818955cb5dd60c7d27555dc49
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D603F331D002589BDB19CF68CC98BEEBBB1EF55304F14829CE44977292EB749AC5CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 18742 e54b20-e54b52 WSAStartup 18743 e54c26-e54c2f 18742->18743 18744 e54b58-e54b82 call e380b0 * 2 18742->18744 18749 e54b84-e54b88 18744->18749 18750 e54b8e-e54bd4 getaddrinfo 18744->18750 18749->18743 18749->18750 18751 e54bd6-e54bdc 18750->18751 18752 e54c20 WSACleanup 18750->18752 18753 e54c34-e54c3e freeaddrinfo 18751->18753 18754 e54bde 18751->18754 18752->18743 18753->18752 18756 e54c40-e54c48 18753->18756 18755 e54be4-e54bf8 socket 18754->18755 18755->18752 18757 e54bfa-e54c0a connect 18755->18757 18758 e54c30 18757->18758 18759 e54c0c-e54c14 closesocket 18757->18759 18758->18753 18759->18755 18760 e54c16-e54c1a freeaddrinfo 18759->18760 18760->18752
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WSAStartup.WS2_32 ref: 00E54B4A
                                                                                                                                                                                                                                                                            • getaddrinfo.WS2_32(?,?,?,00F8D068), ref: 00E54BCC
                                                                                                                                                                                                                                                                            • socket.WS2_32(00000014,00000000,00000000), ref: 00E54BED
                                                                                                                                                                                                                                                                            • connect.WS2_32(00000000,00000000,00000000), ref: 00E54C01
                                                                                                                                                                                                                                                                            • closesocket.WS2_32(00000000), ref: 00E54C0D
                                                                                                                                                                                                                                                                            • freeaddrinfo.WS2_32(?,?,?,?,00F8D068,?,?), ref: 00E54C1A
                                                                                                                                                                                                                                                                            • WSACleanup.WS2_32 ref: 00E54C20
                                                                                                                                                                                                                                                                            • freeaddrinfo.WS2_32(?,?,?,?,00F8D068,?,?), ref: 00E54C35
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: freeaddrinfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 58224237-0
                                                                                                                                                                                                                                                                            • Opcode ID: 49fc7fd3ba23b39c15dc910886e9a84914c39eb75705e352accbe0e712f3819e
                                                                                                                                                                                                                                                                            • Instruction ID: 986b40c3de69e685a038caac25001b3fb1002f4bfe6311eb87cb79931c071f0c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49fc7fd3ba23b39c15dc910886e9a84914c39eb75705e352accbe0e712f3819e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B31B4725053049FD7209F25EC48B2ABBE5FFC873AF001B19FDA5A31E0D37099489A92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E765B4
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00E7673A
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00E768E0
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,00000000), ref: 00E788B8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • cannot use operator[] with a string argument with , xrefs: 00E789D2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 1311570089-2766135566
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00E70BBA
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,00000000), ref: 00E70C8B
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(?,00000000,00000000,?,00000104,00000000), ref: 00E70D9D
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?), ref: 00E71DC7
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?), ref: 00E72019
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,000000D7,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00E72BB4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDirectoryPrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 399547383-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E74676
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00E7481C
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00E749C0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • cannot use operator[] with a string argument with , xrefs: 00E763AC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$FolderNamesPathSectionString
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 1539182551-2766135566
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00E72DAF
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00E72F37
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00E730FD
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00E9CDF0,00000000), ref: 00E742FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 1311570089-2766135566
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,?), ref: 00E3E955
                                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00E3ED01
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 00E3EEF9
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000010,00000000,?,000000FF,00000000,00000010), ref: 00E3EF2D
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(000004E3,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00E3EF54
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000), ref: 00E3EF82
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$DirectoryInformationVolumeWindows
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 328434776-0
                                                                                                                                                                                                                                                                            • Opcode ID: 42df63f829b88320e6a4690f4181432bda36b74a111c56975ad57eb807009acc
                                                                                                                                                                                                                                                                            • Instruction ID: 74c7408e9deb8e2916acd7f1cf1e1802e52d153e8dce2ee108a7e771438c45a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42df63f829b88320e6a4690f4181432bda36b74a111c56975ad57eb807009acc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F22F271D002499BDB18CFA4CC99BEEBBB5EF45304F24825DE401BB2C1E775AA85CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,00000000,000000E4), ref: 00E60E43
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E6348D
                                                                                                                                                                                                                                                                              • Part of subcall function 00E5E780: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00E56E28
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • cannot use operator[] with a string argument with , xrefs: 00E63CFB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDataFolderPathUnothrow_t@std@@@Unprotect__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 771549730-2766135566
                                                                                                                                                                                                                                                                            • Opcode ID: 358093c981d0f20cb8cfc117c02bfc0f1c1d4b3123ceeec0c144fc540fb41964
                                                                                                                                                                                                                                                                            • Instruction ID: 6428658697f724a9b2d328a575fd3dc27d64c46ebf5a977fe6714fef3cc7cbb1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 358093c981d0f20cb8cfc117c02bfc0f1c1d4b3123ceeec0c144fc540fb41964
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3063FF30D042888BDB29DF74D8597EEBBB0AF15304F1452DDE44A77292EB346B85CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID: Content-Type: application/x-www-form-urlencoded$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$$
                                                                                                                                                                                                                                                                            • API String ID: 118556049-2975632343
                                                                                                                                                                                                                                                                            • Opcode ID: ad7f4345f5939cd5cad77a6fed875a5a7e960c5f628e316d58cb84bf61d6d09c
                                                                                                                                                                                                                                                                            • Instruction ID: 41f42ab1474b1712387f19e4d1d6ce42909965518df2d4db8b54385a0d1608bf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad7f4345f5939cd5cad77a6fed875a5a7e960c5f628e316d58cb84bf61d6d09c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2023D030D042588ADB25DB78CC59BEEBBF5AF19304F1495EDE549B3292EB301B88CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Content-Type: application/x-www-form-urlencoded$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$$
                                                                                                                                                                                                                                                                            • API String ID: 0-2975632343
                                                                                                                                                                                                                                                                            • Opcode ID: a181365ac3f52b89682651567b8bc990757815b1218640e2a1ab8a3979023931
                                                                                                                                                                                                                                                                            • Instruction ID: 1ee658e60819dcd30d8fafabca241dc4bda2dc74b824df70174c6e2708cf48c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a181365ac3f52b89682651567b8bc990757815b1218640e2a1ab8a3979023931
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C03DF309042588ADB25DB78CC59BEEBBF5AF19304F1495EDD549B3292EF302B88CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Content-Type: application/x-www-form-urlencoded$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$$
                                                                                                                                                                                                                                                                            • API String ID: 0-2975632343
                                                                                                                                                                                                                                                                            • Opcode ID: f5f9e1217a813d4ef1976787e727313611f6907fa071be18d84ca689773bddee
                                                                                                                                                                                                                                                                            • Instruction ID: de05efbe6e26a71d173a90324fcf8b38946aa2fa8287fe56b888f75b12eea37f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5f9e1217a813d4ef1976787e727313611f6907fa071be18d84ca689773bddee
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65E2D0309042588ADB25DB78CC59BEEBBF5AF19304F1495EDD549B3292EF302B88CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,00000000,EEFBE9E4), ref: 00E5E8A7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with $di{n
                                                                                                                                                                                                                                                                            • API String ID: 1514166925-4205679004
                                                                                                                                                                                                                                                                            • Opcode ID: 5ea0c3bef1be629478e72944a2a843b556c41607d92cfc3daf4523f80bc2da55
                                                                                                                                                                                                                                                                            • Instruction ID: 75351ee7b818e131c9bcc7524653097b14058b9ac4969a6601a866ed5b267815
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ea0c3bef1be629478e72944a2a843b556c41607d92cfc3daf4523f80bc2da55
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00B2D230C0428C8ADF15EBB4C8597EEBBB4AF15304F1455DDE84937292EB742B89DBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E65044
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • cannot use operator[] with a string argument with , xrefs: 00E65461
                                                                                                                                                                                                                                                                            • #, xrefs: 00E652FE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                            • String ID: #$cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 885266447-740485285
                                                                                                                                                                                                                                                                            • Opcode ID: 219b3baa2c8695de9330e4df55db61f577cb6bcf58f1074823495bfac6f1d4d2
                                                                                                                                                                                                                                                                            • Instruction ID: 8ac6eb2226698bbd648ea19dd79f6cc9679a050f471bed9609aba61819215fcb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 219b3baa2c8695de9330e4df55db61f577cb6bcf58f1074823495bfac6f1d4d2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77A21271D002588BDB19CF28DC547EEBBB1EF55304F249298E459B7292EB34AAC4CF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,00000000,000000E0), ref: 00E655DA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                                                                                                                                            • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                                                            • API String ID: 1514166925-2766135566
                                                                                                                                                                                                                                                                            • Opcode ID: 0311b7edbf9b7d961a917424c9ac211d3eab9fbb241cabd1d6f499fbffb9c2e7
                                                                                                                                                                                                                                                                            • Instruction ID: f831d411fc945727d3c2e6e4442dfdb973dc0147907c1183dd9f513c0b5e871e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0311b7edbf9b7d961a917424c9ac211d3eab9fbb241cabd1d6f499fbffb9c2e7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9743FD30D042588BDB29DB64DC59BEEBBB0AF15304F1052DDE48977292EB346B89CF61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F44EF8,00000000,00000000,00000000), ref: 00F44DB7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InformationTimeZone
                                                                                                                                                                                                                                                                            • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                                                                            • API String ID: 565725191-690618308
                                                                                                                                                                                                                                                                            • Opcode ID: 52f36dff78ff36952f39c42087d604119570a2fb4ae8062ad1e9cd61514657bb
                                                                                                                                                                                                                                                                            • Instruction ID: 1e9f52e362ccc304fa2e8bd0d3fb55d705673ead363ce3159650dcd24e356abd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52f36dff78ff36952f39c42087d604119570a2fb4ae8062ad1e9cd61514657bb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52C1E472D00125ABDB10AF649C42BAEBFB8EF45720F144066FD05B7291EB34AE41E794
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 443710ad3865b7b9b044ec019dacdf1a606ff85bdf38a3de31e32a5cc4b3d337
                                                                                                                                                                                                                                                                            • Instruction ID: f3905d0e3478835767dee77397c0b71488f5375f242030f4acad988de4997cb7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 443710ad3865b7b9b044ec019dacdf1a606ff85bdf38a3de31e32a5cc4b3d337
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6182F231C002588BEF09CF68CC94BEEBB76EF46304F14969DE44977292EB745A89CB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskFolderPath
                                                                                                                                                                                                                                                                            • String ID: $$
                                                                                                                                                                                                                                                                            • API String ID: 1258877742-3202887831
                                                                                                                                                                                                                                                                            • Opcode ID: 3a18016ad04ceeab79d2472d4dedc1013d77252dcb4357f23ccf62475b1ad5f6
                                                                                                                                                                                                                                                                            • Instruction ID: 5b3b0052417331b2642abc845db8996940a17ae26c01f6b8a1e5bc5770195630
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a18016ad04ceeab79d2472d4dedc1013d77252dcb4357f23ccf62475b1ad5f6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEC2DF30C042988ADF25EB74CC59BEEBBB4AF15304F1451DDE48A73292EB346B85DB61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00E6B5BA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Initstd::locale::_
                                                                                                                                                                                                                                                                            • String ID: n:
                                                                                                                                                                                                                                                                            • API String ID: 1620887387-2748301705
                                                                                                                                                                                                                                                                            • Opcode ID: cffcca9551b2a20b6286c9684cc133176be14c5741bd23648166f2c45aecad0e
                                                                                                                                                                                                                                                                            • Instruction ID: 4e831fee37d8ab02e79365390d888c81dad32010438d695c649064e267ccd046
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cffcca9551b2a20b6286c9684cc133176be14c5741bd23648166f2c45aecad0e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82C2F271D002488BDB18DF68DC997EEBBB1EF45304F14829CE445BB292EB749AC5CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(000000FF,?,00EBFF6A,?,00000009), ref: 00F29511
                                                                                                                                                                                                                                                                            • FindFirstFileExW.KERNELBASE(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,00EBFF6A,?,00000009), ref: 00F29540
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00EBFF6A,?,00000009), ref: 00F29552
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$CloseErrorFileFirstLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4020440971-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9ebe4d175eaf5fd1bcb0bd980136a5df421a240565a4509a3b567fc89654d2b7
                                                                                                                                                                                                                                                                            • Instruction ID: ee93a88bf501c1095bd8a899d8eb3e1625d7317d9e7a1738f295d717eb2e683a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ebe4d175eaf5fd1bcb0bd980136a5df421a240565a4509a3b567fc89654d2b7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEF05E31208619AFDB116F68EC099AA7BECEB04371F144525FA28C24A1D7B29961B661
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000000,00000000), ref: 00E44FC9
• SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00E44FF0
Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
Similarity
• API ID: FolderPath
• String ID:
• API String ID: 1514166925-0
• Opcode ID: ad2927c5e4a6d49e64cda8ff87f752245b16b863836f7a4ca8bd36ebf6220570
• Instruction ID: dfcf7b47927eb5725cb715dc10915789cad51ff754d36926218ffb073062fa4c
• Opcode Fuzzy Hash: ad2927c5e4a6d49e64cda8ff87f752245b16b863836f7a4ca8bd36ebf6220570
• Instruction Fuzzy Hash: B282C130C042988ADB25EB74DC597EEBBB4AF15304F1452DDD59A33192EB302B89DF61
Uniqueness

Uniqueness Score: -1.00%

Strings
• only a single result allowed for a SELECT that is part of an expression, xrefs: 00F1936D
Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: only a single result allowed for a SELECT that is part of an expression
• API String ID: 0-1725073988
• Opcode ID: 7990c667cbd9e0e643e6379ed1fea4fd7c32c9d6e643c88ef793ca6d37cebf9a
• Instruction ID: 1cc4c3b1c90c95a2625ff8bc3ab95bfce0fc7bcc8b21b043ddc28d7af55181f0
• Opcode Fuzzy Hash: 7990c667cbd9e0e643e6379ed1fea4fd7c32c9d6e643c88ef793ca6d37cebf9a
• Instruction Fuzzy Hash: 74E24A706087418FC724EF18C490B6ABBE1FF88314F16895DE9968B352EB75E945CF82
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID: cannot use operator[] with a string argument with
• API String ID: 0-2766135566
• Opcode ID: fc86f359950d37ddf51140e4fa3d2ef596702442cf984993ae2ea989857e0ec5
• Instruction ID: f16e494d4a110d5776a2ec288448e7820cbb43a6b0ad35ed33f7746b0157b168
• Opcode Fuzzy Hash: fc86f359950d37ddf51140e4fa3d2ef596702442cf984993ae2ea989857e0ec5
• Instruction Fuzzy Hash: FDC2CF30D00258CFDB25DFA4C854BEEBBB0AF55304F24929DE44977292EB746A85CFA1
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
Similarity
• API ID: FolderPath$Concurrency::cancel_current_task
• String ID: R
• API String ID: 3121987327-1466425173
• Opcode ID: 1270ee77b0349712d1adb9cdffb9f92935983e3b38239b9197374d903f2342b9
• Instruction ID: 2713d67dc8184b4ebb25ce3a2b7f14dc1c8093b9694c92043b093c35c92c66df
• Opcode Fuzzy Hash: 1270ee77b0349712d1adb9cdffb9f92935983e3b38239b9197374d903f2342b9
• Instruction Fuzzy Hash: F5C20670D042888BDF15EBB8C85ABEEBFB4AF15304F14509DE58577282EB341B49DB62
Uniqueness

Uniqueness Score: -1.00%

APIs
• std::locale::_Init.LIBCPMT ref: 00E6B5BA
Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
Similarity
• API ID: Initstd::locale::_
• String ID:
• API String ID: 1620887387-0
• Opcode ID: 753fb6e1cb30ca6f3bbd648ebe1c4f8c5a093e31a9651b5dd83d83b7a7c4ebac
• Instruction ID: bf0af83d5ff603adfe400cce86b29b942967d899ad9f8cb1ec3831c3c6fe565e
• Opcode Fuzzy Hash: 753fb6e1cb30ca6f3bbd648ebe1c4f8c5a093e31a9651b5dd83d83b7a7c4ebac
• Instruction Fuzzy Hash: 9042F171D002488BDB08DF68DD897EEBBB1FF45304F149298E445BB292DB745AC5CB91
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 06314f0d948f6a92bca12c8d637b1e0fe0cb7c0348b6d0418b168b903ba0e97c
                                                                                                                                                                                                                                                                            • Instruction ID: c50f8dd3e739b6278442a5465f9f1a17694a7795604855b4e9e932d065efaa43
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06314f0d948f6a92bca12c8d637b1e0fe0cb7c0348b6d0418b168b903ba0e97c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BE12671D00208CBDF08DFA8DC957EEB7B1EF85304F648659E8117B292DB745A89CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 1660d9db78bd90ad43c60add72c52ab0c2873aca9dd0360f961e77ed471c6dc8
                                                                                                                                                                                                                                                                            • Instruction ID: 7e2e41113b15e686a1d9a0f2a5d5d51b839988bebffd8acc1f2752937f334bfe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1660d9db78bd90ad43c60add72c52ab0c2873aca9dd0360f961e77ed471c6dc8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CB1AF712047019FD720CF68C940A5BB7E5FF88324F144B2EF8AAA3790DB74E9468B52
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00F3A0AA: CreateFileW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00F3A0C7
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F3A505
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F3A50C
                                                                                                                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00F3A518
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F3A522
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F3A52B
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00F3A54B
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00F3A698
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F3A6CA
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F3A6D1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                            • Opcode ID: f9aef816ff6279935a413632ddd13ca9262f04196f67884c4694d8062e1a9ceb
                                                                                                                                                                                                                                                                            • Instruction ID: d94fb9473cb68c7e723dcc4731ac366f3b209d4c4fc3668ca577f9d2a7254151
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9aef816ff6279935a413632ddd13ca9262f04196f67884c4694d8062e1a9ceb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63A13932A141189FCF19DF68DC55BAE3BB1AB06330F180149F851EB3D1DB359912EB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00E8C939
                                                                                                                                                                                                                                                                            • PathFindExtensionA.SHLWAPI(?,?,00000000,?,?), ref: 00E8C9D5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExtensionFindPathUninitialize
                                                                                                                                                                                                                                                                            • String ID: "$"$)$QRf$QR~
                                                                                                                                                                                                                                                                            • API String ID: 1374432047-452729162
                                                                                                                                                                                                                                                                            • Opcode ID: 36565224c97e380b25e2ca6f76bc8308d3745a28483fefe05602ffc5a008f6b8
                                                                                                                                                                                                                                                                            • Instruction ID: 95c288a974da699048e65af7e9a14946abdcd863580c81fc2200fcbbec061fdf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36565224c97e380b25e2ca6f76bc8308d3745a28483fefe05602ffc5a008f6b8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E0203319042588BEF18DF68CC98BEDB7B6EF45304F648288E44DB7292D7749AC5CB60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 00E378C7
                                                                                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E37E24
                                                                                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E38087
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$AttributesFile
                                                                                                                                                                                                                                                                            • String ID: .zip$recursive_directory_iterator::recursive_directory_iterator$status
                                                                                                                                                                                                                                                                            • API String ID: 4043938503-1106645639
                                                                                                                                                                                                                                                                            • Opcode ID: 79cff5400d80cca96cb62f55d578d7300a72135fdad32d8e22e58e7e45c64131
                                                                                                                                                                                                                                                                            • Instruction ID: dfbd5c85d8958fbdbdc36f03941b7dd40bf5698f8fbc4273508c62e6bcd3d825
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79cff5400d80cca96cb62f55d578d7300a72135fdad32d8e22e58e7e45c64131
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4962B171E042488FDF25CF68C988BEEBBB1BF45304F148299E449B7292DB749E85CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000000), ref: 00E8CFCD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CopyFile
                                                                                                                                                                                                                                                                            • String ID: "$)$QRf$QR~$QW4
                                                                                                                                                                                                                                                                            • API String ID: 1304948518-1363359634
                                                                                                                                                                                                                                                                            • Opcode ID: 685a598b35899b342218103b36aa1729872071379763abf8a89173aed295314a
                                                                                                                                                                                                                                                                            • Instruction ID: 6f34252d18eaa2c7aa7ffd27ffad52f2faf8b4a8dd3f1474240be173f608116c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 685a598b35899b342218103b36aa1729872071379763abf8a89173aed295314a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4D10831A041588BDF19EB28DC88BADB772EF42314F689258E45DB76D2D734ED818B60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: a9ff101bb6840a9901ee9040f566e5fa66d478da8650c3e8c3fd92ba8acbdb58
                                                                                                                                                                                                                                                                            • Instruction ID: ae31158b109bee5b986840f170950d408877ac403d53f9132692afc6f9c98cba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9ff101bb6840a9901ee9040f566e5fa66d478da8650c3e8c3fd92ba8acbdb58
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8B1E3B1E043099FDB11DFA8D881BBE7FB1AF45320F144199FA0497292CB749942EFA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00F39279
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F39295
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00F392AC
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F392CA
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00F392E1
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F392FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6ea126540021f732f2c1d1e6696cce170994cce61dac581d002929aacc9bc899
                                                                                                                                                                                                                                                                            • Instruction ID: a62d85adc55b7994e10c51d13c3c2a9b4dff945a0018561744a1963753d7a029
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ea126540021f732f2c1d1e6696cce170994cce61dac581d002929aacc9bc899
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71811B72A04B06ABE720AE69CC41BAF73E8AF40770F14452DF911D76C1EBF4D904A790
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "$)$QRf$QR~
                                                                                                                                                                                                                                                                            • API String ID: 0-771294001
                                                                                                                                                                                                                                                                            • Opcode ID: e11ac8175aa18688e8a3f766ac491d3e5ee481a66dbad6f51a7315268242d70c
                                                                                                                                                                                                                                                                            • Instruction ID: f10a7fed355b43f8e1d33fbaddaa0308f5d5caca12d406868555717079e47b35
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e11ac8175aa18688e8a3f766ac491d3e5ee481a66dbad6f51a7315268242d70c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01D11731A041588BDB19EB28DC88BEDB772EF42314F689298E45DB76D2D734DD81CB60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00E36B04
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00E36B3F
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00E36C4A
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00E36C90
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___std_fs_directory_iterator_advance@8
                                                                                                                                                                                                                                                                            • String ID: .
                                                                                                                                                                                                                                                                            • API String ID: 2610647541-248832578
                                                                                                                                                                                                                                                                            • Opcode ID: f85238af6e2d1622f3add5012b6f23f8a6a71cbeaff1a46be212422ef6afcdb8
                                                                                                                                                                                                                                                                            • Instruction ID: 04c138a978b947a5b736f4e1d100795f14158e8d058bff5aa97cda97087d9d7c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f85238af6e2d1622f3add5012b6f23f8a6a71cbeaff1a46be212422ef6afcdb8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5C1E331A00626ABCB30DF28C4887A9FBF5FF45318F1592A9D855BB250D735ED45CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___std_fs_open_handle@16.LIBCPMT ref: 00E36DA3
                                                                                                                                                                                                                                                                            • ___std_fs_get_final_path_name_by_handle@16.LIBCPMT ref: 00E36E15
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___std_fs_get_final_path_name_by_handle@16___std_fs_open_handle@16
                                                                                                                                                                                                                                                                            • String ID: \\?\$\\?\GLOBALROOT$\\?\UNC\
                                                                                                                                                                                                                                                                            • API String ID: 474881569-3861963782
                                                                                                                                                                                                                                                                            • Opcode ID: 0a97cfa978f1b2ba1caea9f1dc3e15f056648df1471656d0da5d42d4dd2c24c3
                                                                                                                                                                                                                                                                            • Instruction ID: ffe3ab7640b988bdffe81ce5c31426a8dfdec6d73bbf5a9331015c2e30b15984
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a97cfa978f1b2ba1caea9f1dc3e15f056648df1471656d0da5d42d4dd2c24c3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8681B071B00216AFCB24CF68D885BAEFBF6FF44705F10856AE455AB250D734A904CBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,?,00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00E7F1EA
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00E7F240
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000000,00000000), ref: 00E7F24B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • stoi argument out of range, xrefs: 00E805B9
                                                                                                                                                                                                                                                                            • invalid stoi argument, xrefs: 00E805C3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                            • String ID: invalid stoi argument$stoi argument out of range
                                                                                                                                                                                                                                                                            • API String ID: 3677997916-1606216832
                                                                                                                                                                                                                                                                            • Opcode ID: 4c14a8f073106259e2d0a659d45d09052a43065da9096e4fc584cb2054aa0072
                                                                                                                                                                                                                                                                            • Instruction ID: 21068aaad83a271eb9d085f8301932c5a5c7a23e7629935356ed6702e392fb26
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c14a8f073106259e2d0a659d45d09052a43065da9096e4fc584cb2054aa0072
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E81E471D00248ABDB14DFA8DC85BFEBBB5EF09310F148229F855B7292EB745981CB61
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,E4FBEDCC,E4FBEDCD,EBECFAC4,EBECFAC5), ref: 00E4C868
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00E4C870
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                            • String ID: .b4C
                                                                                                                                                                                                                                                                            • API String ID: 1646373207-2114321282
                                                                                                                                                                                                                                                                            • Opcode ID: a78eb0f718fe2cad3656f560a27490bd21a3c3998e59e4264c2ef107dc2403af
                                                                                                                                                                                                                                                                            • Instruction ID: 04ae044cbf447aa52618920efdd135c8042e37eb4977809537aa48f77f8ba11f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a78eb0f718fe2cad3656f560a27490bd21a3c3998e59e4264c2ef107dc2403af
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B161F170C043889BEB18CFA4DC58BEDBBB4EF19304F24825DE4457B282EB746589CB65
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,00001000,00F529DB,000000FF,?,?,?,?,?,00000001), ref: 00E4C603
                                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,00001000,00F529DB,000000FF,?,?,?,?), ref: 00E4C6C1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesCreateDirectoryFile
                                                                                                                                                                                                                                                                            • String ID: .b4C$.b4K
                                                                                                                                                                                                                                                                            • API String ID: 3401506121-2395944626
                                                                                                                                                                                                                                                                            • Opcode ID: 950b5f55d5e7fa880d626993085654f207f6c2a966e6a0ceb407bfc1c09864cf
                                                                                                                                                                                                                                                                            • Instruction ID: a8c43c9e74e1d950be8b59caa313850e6fb0d739bd20e060092d792f26440fb4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 950b5f55d5e7fa880d626993085654f207f6c2a966e6a0ceb407bfc1c09864cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B54128719012089FD724DF28EC457AAB3B5FF44B20F20871EE865A37D0EB70A9809B91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 00EDD14F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EDD15A
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00EDD182
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EDD18C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2170121939-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1c3ab375f6c5229837c7a9e0092d69a65153380709aecc913286714e74e1fb10
                                                                                                                                                                                                                                                                            • Instruction ID: 03e8ae577073f2337288035eefda227689b3cec80d3b7849053881ab2b1ef635
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c3ab375f6c5229837c7a9e0092d69a65153380709aecc913286714e74e1fb10
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD118F32605209ABDB108FA9EC05B9ABBACEF04371F108263FD1CD72A0D771D9619BD1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00F4279A: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4A899,00F8A580,00000000,00F8A580,?,00F4AB3A,00F8A580,00000007,00F8A580,?,00F4B02E,00F8A580,00F8A580), ref: 00F427B0
                                                                                                                                                                                                                                                                              • Part of subcall function 00F4279A: GetLastError.KERNEL32(00F8A580,?,00F4A899,00F8A580,00000000,00F8A580,?,00F4AB3A,00F8A580,00000007,00F8A580,?,00F4B02E,00F8A580,00F8A580), ref: 00F427BB
                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F44EF8,00000000,00000000,00000000), ref: 00F44DB7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                            • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                                                                                                            • API String ID: 3335090040-690618308
                                                                                                                                                                                                                                                                            • Opcode ID: b65c3b793d42d0a99e13817dfbf24e5137a2ad765eb801275023a6fa8981e06b
                                                                                                                                                                                                                                                                            • Instruction ID: 0b3bb74a950d99090c4594a8fc6bf3a43f850fa5845b465e8e816bd3344bcdaf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b65c3b793d42d0a99e13817dfbf24e5137a2ad765eb801275023a6fa8981e06b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD418272900225AACB10BF69DC06A9ABFB8EF45320B114166EC14B71A1EB74AD41BBD0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00F34B61,?,00F34B61,?,?,?,00000000), ref: 00F433FC
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F34B61,?,?,?,00000000), ref: 00F43406
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F4340D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DeleteErrorFileLast__dosmaperr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1545401867-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0e3a1cd299b550d99563ac9a803a4ecee2a3789a710d3b94a65fdfad5aa096df
                                                                                                                                                                                                                                                                            • Instruction ID: db8ae2099445b77ef0535d09b2c1be2c577379ffa22399249ea628d15f25dd55
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e3a1cd299b550d99563ac9a803a4ecee2a3789a710d3b94a65fdfad5aa096df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72D0C932104608678E142BB5BC088163B6C9A807757100621F52CC54E1DE35CA51A5A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00F3AD01,00000016,00F30183,?,?,95FF360E,00F30183,?), ref: 00F3AD18
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00F3AD01,00000016,00F30183,?,?,95FF360E,00F30183,?), ref: 00F3AD1F
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00F3AD31
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                            • Opcode ID: 840077928e681b1686f7bfda70605ee3761348163ffd2655f80d28dfa413aafa
                                                                                                                                                                                                                                                                            • Instruction ID: 5bc138b7c711ff80e708bfb3617f16fd8ab2472af4bd7f4c0310dd0283ed607b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 840077928e681b1686f7bfda70605ee3761348163ffd2655f80d28dfa413aafa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5D06C3140060CABCB052FA2DD0E8593F2AAF443A3B144428FA894A475DB399A52AA92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00F40792: GetConsoleOutputCP.KERNEL32(95FF360E,00000000,00000000,?), ref: 00F407F5
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,00F34DF7,?,00000000,00000000,00000000,?,00000000,?,00F2A191,00F34DF7,00000000,00F2A191,?,?), ref: 00F41201
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F34DF7,00000000,?,00F2A191,?,00000000,00000000), ref: 00F4120B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2915228174-0
                                                                                                                                                                                                                                                                            • Opcode ID: d8d5b1bb3e7493dc41191b4c72e3548b02a03745a622f2cbcdbd96ee0d5ca250
                                                                                                                                                                                                                                                                            • Instruction ID: 3c0846c167345bc92f07a0a4a9ab85d5f23d2c4248e13202c5f435c63d980eb0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8d5b1bb3e7493dc41191b4c72e3548b02a03745a622f2cbcdbd96ee0d5ca250
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4619F72D04159AFDF118FA8CC84AAEBFB9BF49314F140185ED04E7252D775DA81ABA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                            • Opcode ID: f8d0cb100ad626fdfc73f51bab51a9c63f2649a6aac635f730feea32101bcf95
                                                                                                                                                                                                                                                                            • Instruction ID: dbd9f70f1e987124003166357b35e67079f91e8db586e36ef8b3b93c0bc1fb88
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8d0cb100ad626fdfc73f51bab51a9c63f2649a6aac635f730feea32101bcf95
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD6169326042018FCB14CF2CD8909AA77E5EF85364F4586A9FC29EB385E731DC158B91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00E367DF
                                                                                                                                                                                                                                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00E367FA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3016148460-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0ba0b8f229cb5bd3d4190005c095d6b69dc6b66b56451b764a135c67f14f42f8
                                                                                                                                                                                                                                                                            • Instruction ID: 3e825193a11ef58cf5a28da5dfc2b0469474fff4b7f1bb0ec6a0e91e2bc57464
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ba0b8f229cb5bd3d4190005c095d6b69dc6b66b56451b764a135c67f14f42f8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6031D272D04614ABCB24DF18D9467A9BBF4FB49724F00826AEC1573781EB756D10C6D1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,00F4A899,00F8A580,00000000,00F8A580,?,00F4AB3A,00F8A580,00000007,00F8A580,?,00F4B02E,00F8A580,00F8A580), ref: 00F427B0
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00F8A580,?,00F4A899,00F8A580,00000000,00F8A580,?,00F4AB3A,00F8A580,00000007,00F8A580,?,00F4B02E,00F8A580,00F8A580), ref: 00F427BB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7fc0b4021cf40111cbcb11db71cb6dd315fa242633ee617456e9008f959b99ea
                                                                                                                                                                                                                                                                            • Instruction ID: 5328ef73b320452f0b7e481d9f5e1f384b8df6d3e2b86e0ee15f5c0fdbe45c1b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fc0b4021cf40111cbcb11db71cb6dd315fa242633ee617456e9008f959b99ea
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34E08631500308A7DB112BA0EC097993F58DB003A2F414020F70886461CE788D91A7D4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EBE8F2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: 55f9fadfec9fa68987c5323314f244ebc5440812ddff3ec1b0695aa106520b4a
                                                                                                                                                                                                                                                                            • Instruction ID: 62a5ec31cbb261e22ebff12fb8e9c4e9cee74048fe006bd33214bd95f9568656
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55f9fadfec9fa68987c5323314f244ebc5440812ddff3ec1b0695aa106520b4a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3851E872E005149FDB1CDA2CD9E19EEB7E69F9430471D916DE806EB356EA30EE418780
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
• Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3469ac1454f736270b2161fce49261e2c144e1b67c8011068bc23e5f1f58b80c
                                                                                                                                                                                                                                                                            • Instruction ID: dd7edb90b3650a79534650ca4438ca69ee9f5b8295f7190e3079195bdcde48f9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3469ac1454f736270b2161fce49261e2c144e1b67c8011068bc23e5f1f58b80c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74517470904304DBDB18CF68DC89BAEBBB5FF44714F10461DE401BB282D7B8A980CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3b31900387847bb34fc2efc29fccb6b19d80bd411dc302a71d78d4088937e8b2
                                                                                                                                                                                                                                                                            • Instruction ID: 2ffd1b3829abf25aeeead86f5cc1b4d813ac57cf65ffa77d8725beed8568f525
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b31900387847bb34fc2efc29fccb6b19d80bd411dc302a71d78d4088937e8b2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE51B371A00208AFDB14CF58CCA5AAD7FA1EF89334F24815AF8095B252DB719E51EB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EB8E71
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: ff75aabf20888397a7edb46b141c6df1dc116ff4bcd5b9aba38a47e1fe8c5282
                                                                                                                                                                                                                                                                            • Instruction ID: 6f8829302aa43a0334cb26ba7090afaea6b95fc6127111016160986d397a8c79
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff75aabf20888397a7edb46b141c6df1dc116ff4bcd5b9aba38a47e1fe8c5282
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4541C272900119ABCB15DF68DD806EFBBA9EF44350F14026AE804E7351DA30DE51DBE1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E32F17
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: ce99afa7e4053ed70994e92253e06b056a55b8728f324dabcb83dc450093d3da
                                                                                                                                                                                                                                                                            • Instruction ID: a9fc161c7156fa761b871b126e2d249798d04a86d56a894a1510462f0f776faa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce99afa7e4053ed70994e92253e06b056a55b8728f324dabcb83dc450093d3da
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00412872B000109FC719DE3DCC8A96DBBA9DF84310B24426CE955EB345EA30ED01C7A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E32D92
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4c120f9a5a4ccedba6d38eb6f122b4cba9e451ff550dbbd568bbad9d1f1c0ac1
                                                                                                                                                                                                                                                                            • Instruction ID: f1292510293ec2a0bca9f28025e1d33b2209ee26c5b1f7ad1080e3f3968ceb6b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c120f9a5a4ccedba6d38eb6f122b4cba9e451ff550dbbd568bbad9d1f1c0ac1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B413672A00214ABC715DF28DC846AEBFA6EF84350F6446BDE958AB342E630DD11D7E1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EB30F7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4397f769dd027e8f14c7085fd985747adf0038a789204070640942666833fa76
                                                                                                                                                                                                                                                                            • Instruction ID: 65e4fe750f386cca427ed963dc232bbcb2b1224687383734ff496455fec836d5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4397f769dd027e8f14c7085fd985747adf0038a789204070640942666833fa76
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27216EB1A00305AFD704AF34E8527ABB7A8EF54354F20033AF81597292DB71DA9497E2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                            • Opcode ID: 633f57bd8e5e96ba4e320adf0e1a6aa647c66f9550f42e7e4dd5fc3862050ad0
                                                                                                                                                                                                                                                                            • Instruction ID: 891924a02480b495cea8963f373c3238c6a4506d1247f502172840d5ff84ed20
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 633f57bd8e5e96ba4e320adf0e1a6aa647c66f9550f42e7e4dd5fc3862050ad0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8115372A0020AAFCF06DF58E94199F7BF8EF48314F0140A9F808EB211D631EA11DBA4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00E3238E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2659868963-0
                                                                                                                                                                                                                                                                            • Opcode ID: e33a0777055d394a35e12ab51dd0b20b1681a587a780f6e4cf4b71f706d0553c
                                                                                                                                                                                                                                                                            • Instruction ID: 9a302dd6f569e416985f72bddaf4f2486c29db1bdf2deeb52f87c0d71e507fba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e33a0777055d394a35e12ab51dd0b20b1681a587a780f6e4cf4b71f706d0553c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52012B3540031DB7CB14AAA5FC05989779CDF01320F508525FA58A7151FB70EA45E7D2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00F432E4: RtlAllocateHeap.NTDLL(00000000,?,?,?,00F2C25B,?,?,?,?,?,00E3315D,00F292DC,?,?,00F292DC), ref: 00F43316
                                                                                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(00000000,00000000,00EC9609,?,00000008,?,00EC9609,00000000,-00000010,0000004C,00EC794D,?,00000000,00000000,0000004C,00EC4621), ref: 00F43479
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2f6c89b23e8de8cc1218e2f98dbeadd4e0679b7b78c3b67bd668a44325b93528
                                                                                                                                                                                                                                                                            • Instruction ID: 8526bc2e0943e8ec8f656caec506c58606f24a1dfcfdf70452a158149fa110e6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f6c89b23e8de8cc1218e2f98dbeadd4e0679b7b78c3b67bd668a44325b93528
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F0F632E4121566EB23AE659C01BEA3F18AF91B71F258035FD14961B0DF34CE40B5A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetupDiGetClassDevsA.SETUPAPI(00F5E500,00000000,00000000,00000012), ref: 00E3E867
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassDevsSetup
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2330331845-0
                                                                                                                                                                                                                                                                            • Opcode ID: fba007c466e43a5a3f897968d2e93e66aed3702c9fb299470223b04e02cf5ec8
                                                                                                                                                                                                                                                                            • Instruction ID: 8825ac2817769b9313021a433d428b5fea798df5febd1eefff6f79fc8f02bf77
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fba007c466e43a5a3f897968d2e93e66aed3702c9fb299470223b04e02cf5ec8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59F0B470E5071457E3305F28A80A757BFE49B40718F100B5DF9489A7C1E7F1AA9893C2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00F2C25B,?,?,?,?,?,00E3315D,00F292DC,?,?,00F292DC), ref: 00F43316
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00F3A0C7
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(6CEF0000), ref: 00E7ABC3
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5174afe27805872beb6b847727a6913107e0b6119efac417ae1df289d04b1cd1
                                                                                                                                                                                                                                                                            • Instruction ID: 1dcb0db7f8e2f40b2154c6c5d76db3932d063363203fa366af51c716b4a4e1dc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5174afe27805872beb6b847727a6913107e0b6119efac417ae1df289d04b1cd1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BF0A731E006481AF62533787E0B7BA3AC687C5715F441595FE04672D3DBA25C1993E7
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2240580853.0000000000E31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240537681.0000000000E30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240731951.0000000000F5E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240765224.0000000000F8A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2240872908.0000000000F8E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_e30000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7e9d71a827b8bc96d2219feebfbd76aa12c3ada8a4d88df0b02de92a29db6458
                                                                                                                                                                                                                                                                            • Instruction ID: 028d991892fb4ae6fa822f5555cb2f581fa944ed227f1741cde02e3e95fde69c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e9d71a827b8bc96d2219feebfbd76aa12c3ada8a4d88df0b02de92a29db6458
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2EF02722E0034817E73433BC2D0B7BA3A848381315F480555EE00A76E2D9A15C5993E3
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%